www.netwrix.com Open in urlscan Pro
18.213.173.120 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.netwrix.com/zerologon_attack.html
Submission: On March 30 via manual (March 30th 2023, 1:03:59 pm UTC) from IN — Scanned from DE

Summary HTTP 133 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 36 IPs in 5 countries across 30 domains to perform 133 HTTP transactions. The main IP is 18.213.173.120, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.netwrix.com. The Cisco Umbrella rank of the primary domain is 247257.
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on July 29th 2022. Valid for: a year.

This is the only time www.netwrix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	18.213.173.120 18.213.173.120	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	13.32.121.52 13.32.121.52	16509 (AMAZON-02) (AMAZON-02)
1	162.159.138.60 162.159.138.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
16	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.2.173.2 23.2.173.2	16625 (AKAMAI-AS) (AKAMAI-AS)
1	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a02:26f0:480... 2a02:26f0:480:c::210:f19f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:480... 2a02:26f0:480:e::210:f113	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:4f:1... 2620:1ec:4f:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:223... 2600:9000:223e:3000:15:a0d3:77c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:2e00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	151.101.64.143 151.101.64.143	54113 (FASTLY) (FASTLY)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
2	13.56.154.116 13.56.154.116	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	169.48.219.66 169.48.219.66	36351 (SOFTLAYER) (SOFTLAYER)
2	20.114.190.119 20.114.190.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
11	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1 2	20.125.62.241 20.125.62.241	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
133	36

18 18.213.173.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-173-120.compute-1.amazonaws.com

www.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 13.32.121.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-52.fra60.r.cloudfront.net

img.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.2.173.2 (Haarlem, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-173-2.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.21 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:c::210:f19f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:e::210:f113 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:4f:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:3000:15:a0d3:77c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:2e00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.64.143 (United States)

ASN54113 (FASTLY, US)

s.swiftypecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.56.154.116 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-56-154-116.us-west-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

130-man-089.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.48.219.66 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 42.db.30a9.ip4.static.sl-reverse.com

cc.swiftype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.114.190.119 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

x.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.125.62.241 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	netwrix.com www.netwrix.com — Cisco Umbrella Rank: 247257 img.netwrix.com — Cisco Umbrella Rank: 418076	385 KB
18	6sc.co j.6sc.co — Cisco Umbrella Rank: 7318 c.6sc.co — Cisco Umbrella Rank: 10831 ipv6.6sc.co — Cisco Umbrella Rank: 7836 b.6sc.co — Cisco Umbrella Rank: 5453	18 KB
11	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 444	30 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1078 x.clarity.ms — Cisco Umbrella Rank: 8360 c.clarity.ms — Cisco Umbrella Rank: 1636	23 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2284	67 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 400 www.linkedin.com — Cisco Umbrella Rank: 579 px4.ads.linkedin.com — Cisco Umbrella Rank: 6196	3 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 407 c.bing.com — Cisco Umbrella Rank: 252	15 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5216	669 B
3	google.com www.google.com — Cisco Umbrella Rank: 2	669 B
3	swiftypecdn.com s.swiftypecdn.com — Cisco Umbrella Rank: 11107	149 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 stats.g.doubleclick.net — Cisco Umbrella Rank: 100	2 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	13 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 284	741 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	234 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 12431	589 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	136 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3441	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	177 KB
1	swiftype.com cc.swiftype.com — Cisco Umbrella Rank: 12002	279 B
1	mktoresp.com 130-man-089.mktoresp.com — Cisco Umbrella Rank: 812284	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 687	396 B
1	t.co t.co — Cisco Umbrella Rank: 525	377 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1000	376 B
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 10837	54 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 853	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 701	15 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 429	822 B
1	vimeo.com player.vimeo.com — Cisco Umbrella Rank: 2032	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 756	31 KB
133	30

	Domain	Requested by
29	img.netwrix.com	www.netwrix.com
18	www.netwrix.com	www.netwrix.com
12	b.6sc.co	www.netwrix.com
11	js-agent.newrelic.com	www.netwrix.com
5	www.google-analytics.com	www.netwrix.com
3	www.google.de	www.netwrix.com
3	www.google.com	www.netwrix.com
3	s.swiftypecdn.com	www.netwrix.com
3	bat.bing.com	www.netwrix.com
3	www.clarity.ms	www.netwrix.com
3	c.6sc.co	www.netwrix.com
3	cdnjs.cloudflare.com	www.netwrix.com
3	fonts.googleapis.com	www.netwrix.com
2	bam.nr-data.net	www.netwrix.com
2	c.clarity.ms	1 redirects
2	x.clarity.ms	www.netwrix.com
2	www.facebook.com	www.netwrix.com
2	epsilon.6sense.com	www.netwrix.com
2	stats.g.doubleclick.net	www.netwrix.com
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	www.netwrix.com
2	ipv6.6sc.co	www.netwrix.com
2	munchkin.marketo.net	www.netwrix.com
2	www.googletagmanager.com	www.netwrix.com
1	c.bing.com	1 redirects
1	cc.swiftype.com	www.netwrix.com
1	130-man-089.mktoresp.com	munchkin.marketo.net
1	region1.google-analytics.com	www.googletagmanager.com
1	analytics.twitter.com	www.netwrix.com
1	t.co	www.netwrix.com
1	px4.ads.linkedin.com	www.netwrix.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	www.netwrix.com
1	www.clickcease.com	www.netwrix.com
1	googleads.g.doubleclick.net	www.netwrix.com
1	snap.licdn.com	www.netwrix.com
1	static.ads-twitter.com	www.netwrix.com
1	secure.adnxs.com	www.netwrix.com
1	j.6sc.co	www.netwrix.com
1	player.vimeo.com	www.netwrix.com
1	code.jquery.com	www.netwrix.com
133	41

This site contains links to these domains. Also see Links.

Domain
kb.netwrix.com
helpcenter.netwrix.com
security.netwrix.com
blog.netwrix.com
www.netwrix.de
www.netwrix.fr
www.netwrix.it
www.netwrix.es
www.secura.com
docs.microsoft.com
en.wikipedia.org
github.com
attack.mitre.org
msrc.microsoft.com
library.cyentia.com
support.microsoft.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
community.spiceworks.com
www.instagram.com

Subject Issuer	Validity	Valid
*.netwrix.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-07-29` - `2023-08-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
6sc.co R3	`2023-03-11` - `2023-06-09`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-06` - `2023-04-06`	3 months	crt.sh
clickcease.com Amazon RSA 2048 M02	`2022-10-27` - `2023-11-25`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
s.swiftypecdn.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-28` - `2023-10-30`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-02-10` - `2023-06-30`	5 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.swiftype.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-07` - `2023-06-30`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.netwrix.com/zerologon_attack.html
Frame ID: 22A346BA99565E582E62E562418096A5
Requests: 131 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 96A9539DE3893F6C7AFC701F5B39F32B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Zerologon Exploit Attack

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HeadJS (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

head\.(?:core|load)(?:\.min)?\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

133
Requests

98 %
HTTPS

51 %
IPv6

30
Domains

41
Subdomains

36
IPs

5
Countries

1139 kB
Transfer

3127 kB
Size

39
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://kb.netwrix.com/
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://helpcenter.netwrix.com/
Title: Online Documentation

Search URL Search Domain Scan URL

URL: https://security.netwrix.com/
Title: Security Center

Search URL Search Domain Scan URL

URL: https://blog.netwrix.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.netwrix.de/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.netwrix.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://www.netwrix.it/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://www.netwrix.es/
Title: Español

Search URL Search Domain Scan URL

URL: https://www.secura.com/blog/zero-logon
Title: Secura announced a new vulnerability they named Zerologon

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/2d776bfc-e81f-4c8f-9da8-4c2920f65413
Title: Netlogon Remote Protocol

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/13db7494-6d2c-4448-be8f-cb5ba03e95d6
Title: ComputeNetLogonCredential

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
Title: 8-bit cipher feedback mode

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz/wiki
Title: mimikatz

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0004/
Title: Privilege Escalation

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1068/
Title: Exploitation for Privilege Escalation

Search URL Search Domain Scan URL

URL: https://github.com/cobbr/Covenant
Title: Covenant

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/troubleshoot/windows-client/windows-security/enable-debug-logging-netlogon-service
Title: Netlogon debug logging

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472
Title: patches released by Microsoft in August of 2020

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/f61c3f4a-53ff-4f30-9006-6d93a2162ef8#_Hlk46243016:~:text=If%20none%20of%20the%20first%205,further%20processing%20of%20the%20following%20steps.%3C77%3E
Title: first 5 bytes of the clientStoredCredential are not unique

Search URL Search Domain Scan URL

URL: https://library.cyentia.com/report/report_005955.html
Title: Zerologon: Unauthenticated Domain Controller Compromise by Subverting Netlogon Cryptography (CVE-2020-1472)

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e
Title: How to manage the changes in Netlogon secure channel connection associated with CVE-2020-1472

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f
Title: Netlogon Remote Protocol

Search URL Search Domain Scan URL

URL: https://github.com/dirkjanm/CVE-2020-1472
Title: PoC for Zerologon: CVE-2020-1472

Search URL Search Domain Scan URL

URL: https://github.com/SecuraBV/CVE-2020-1472
Title: Zerologon testing script

Search URL Search Domain Scan URL

URL: https://github.com/BC-SECURITY/Invoke-ZeroLogon
Title: Invoke-ZeroLogon

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/455932/

Search URL Search Domain Scan URL

URL: https://twitter.com/netwrix

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Netwrix

Search URL Search Domain Scan URL

URL: https://www.youtube.com/Netwrix

Search URL Search Domain Scan URL

URL: https://community.spiceworks.com/pages/NetWrix

Search URL Search Domain Scan URL

URL: https://www.instagram.com/netwrix/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D79820%26time%3D1680181433820%26url%3Dhttps%253A%252F%252Fwww.netwrix.com%252Fzerologon_attack.html%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true&e_ipv6=AQIav8AVaRHMWgAAAYcynheoQL11NgxWv9BUwZR3EAiScZ-AS3PFjbS44B9Yd254SALqMNtwnGJiYQ

Request Chain 115

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&RedC=c.clarity.ms&MXFR=05E86600BE3363BE38B174E4BA336DBD HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&MUID=11EE9E372282610418708CD323826078

133 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request zerologon_attack.html Show response
www.netwrix.com/ 175 KB
45 KB 574ms
325ms Document
text/html 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5a49ddb697bf0937c9ff812ed8c1e4838cc8eefc26ab9e42453dfd0bb4ff47c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
content-type: text/html; charset=UTF-8
date: Thu, 30 Mar 2023 13:03:53 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 bootstrap.min.css
www.netwrix.com/bootstrap/css/ 126 KB
27 KB 105ms
103ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/bootstrap/css/bootstrap.min.css

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

754d4d06248c6667197c692bc30fac801eb0a9687138250d289727029cb13472

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:30:56 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7d90-1f863"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 mainResp.css
www.netwrix.com/css/views/layouts/css/ 60 KB
13 KB 104ms
102ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

461c064ff45824618545423a2ddae80d2423f66eeb189297ae13d13bfc5465e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 28 Mar 2023 15:21:47 GMT
server: nginx
content-encoding: gzip
etag: W/"6423060b-ee45"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
948 B 56ms
21ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42fc207ebec992c03f7e8b3bf2f56ed07d798add6da0d4e91777eef7c9262875

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 11:27:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
722 B 57ms
22ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1afbf02ff203dd3afa888e73449b44a0ce303f21ece8ee6e8277ec354cc1d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 12:20:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
652 B 57ms
23ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans+Condensed:700

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2dd310aa86824e25ec3e4ebcc7509dfebf350bd819b4e3f252d1d3f2fe6f608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 12:31:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 prism.css
www.netwrix.com/assets/5fd6a786/ 2 KB
1 KB 103ms
101ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/5fd6a786/prism.css?v=1651153075

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

536e51234b82560e9c8e674cd14234699b7970d43af513669986a155e10850b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 28 Apr 2022 13:37:55 GMT
server: nginx
content-encoding: gzip
etag: W/"626a98b3-773"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 attackPage.css
www.netwrix.com/assets/d1f8222c/ 22 KB
4 KB 103ms
102ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/d1f8222c/attackPage.css?v=1680016936

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

64f5f4d87811f0c306863e7cc632b41cef45db97f8371b4608c51aff53e5b717

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 28 Mar 2023 15:22:16 GMT
server: nginx
content-encoding: gzip
etag: W/"64230628-5838"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 thunderboltWidget.css
www.netwrix.com/assets/e39987e2/ 7 KB
2 KB 102ms
100ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/e39987e2/thunderboltWidget.css?v=1680016903

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

74907d9980cda90b070d2f04935cea5a7d1389bde0b5c684dc41f49c6b9deb6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 28 Mar 2023 15:21:43 GMT
server: nginx
content-encoding: gzip
etag: W/"64230607-1cfb"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 jquery-3.6.4.min.js Show response
code.jquery.com/ 88 KB
31 KB 53ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.4.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15ec3"
vary: Accept-Encoding
x-hw: 1680181433.dop263.fr8.t,1680181433.cds320.fr8.hn,1680181433.cds057.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 31011

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/ 17 KB
7 KB 59ms
28ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/prism.min.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb38beea12a3a708c8dd789701ec714cf96cafb77c0385c20fb7b46ac1ca069a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 158339
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6003
last-modified: Thu, 16 Sep 2021 16:38:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6143730b-1773"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gdg6Ia%2FrM1BOTCBVFvrwCrzoQSnUshBKKCspBCNSLD6C80ru4rVJ2IdscVgJp82MxPX5WdATNx5a%2B3End1ek9o25n%2BbPjut9nQH4QKol0%2BLavJ%2FQMq9Ao3AAR1nh9vsbza5y3G0QJ6A4TA%2BEq9KNb9dS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b008e26baffb8d0-AMS
expires: Tue, 19 Mar 2024 13:03:53 GMT

GET
H2 200 prism-powershell.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/components/ 2 KB
1 KB 115ms
84ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/components/prism-powershell.min.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69c0bbc5ebb6f829c0118b09256f962874a7ed4f85247af5ee24561bd69ddb4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1107
last-modified: Thu, 16 Sep 2021 16:38:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6143730b-453"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PfVXoOAUCh1vfkPxq6cnwtx%2BwHr7lZGuV1G8%2BD5eyPEuSs2SPL9ao3Pi%2Bqcfia8olrNd2EE3hDZ4bA5fp%2FuBh6PEU5GOMzr9P5Loq8HsjlJE1fpnp2dMJ5V%2FEYyhxjlcgN08v83RvMM1IRPqyBQ7RktQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b008e26bb03b8d0-AMS
expires: Tue, 19 Mar 2024 13:03:53 GMT

GET
H2 200 Win_copy_%D0%BA%D0%BE%D0%BF%D0%B8%D1%8F_5.svg
img.netwrix.com/elements/thunderbolt/icons/ 862 B
1 KB 81ms
16ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/thunderbolt/icons/Win_copy_%D0%BA%D0%BE%D0%BF%D0%B8%D1%8F_5.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

b40cf974fa00ef7247f6990c1072e2a8a316f75160fc3d2b3c6e149e5bcd4373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 21:28:12 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 56433
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 862
last-modified: Thu, 16 Feb 2023 03:44:21 GMT
server: nginx
etag: "63eda695-35e"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: rQcY0Dl0ofI-tYfprsEuDXMhK1ZNQ2zQh8M4x1kL8MSmbb1Rv_ECKQ==

GET
H2 200 netwrix_logo.svg
img.netwrix.com/elements/ 2 KB
1 KB 67ms
15ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/netwrix_logo.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

6bd647825de4f7588aa090f25e832c3261a6f37d728226806618dca77ed99dad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:52:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 28 May 2019 15:24:31 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"5ced52af-894"
age: 18718
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 4bis9sW509965p4WJ7z_L7mpKqUojnYDzsXBE28z90bq_1j3Lu0vKA==

GET
H2 200 nwx-auditor.svg
img.netwrix.com/products/icons/24/ 2 KB
903 B 79ms
27ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-auditor.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

8a3e7f5b5fa2d9a77648c9ffb2df6fa33589b7b7b0dc259bbeea56621843a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 14:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:30 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211a-61d"
age: 80078
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Cp_OkKb5GXpzwN-jJcE_qTwKAr1Xgb8EBaYaRQKUAj4OjV0Qj3x1pg==

GET
H2 200 nwx-change-tracker.svg
img.netwrix.com/products/icons/24/ 1 KB
898 B 78ms
26ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-change-tracker.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

b7be94f069d1fcdfe18b9379b65b256901666e435469ab6a63b3d6072a2151c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:05:58 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:30 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211a-4c1"
age: 21715
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: hFePfHxrcynJFSrmig7zMExcsMGeni__5R43XvvQiTV1aPQWcdYx-g==

GET
H2 200 nwx-data-classification.svg
img.netwrix.com/products/icons/24/ 1 KB
996 B 68ms
16ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-data-classification.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

6a256d3ca9981bff0b64d708293ecd06e3856bda7cd47d32aaa71a8129c0f09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:09:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:31 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211b-551"
age: 21261
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: uEQiVAZmwHt4N9WlHRBotxoPTY_wSfNyZD59A3bol-QEXt5gr86F9A==

GET
H2 200 nwx-password-policy-enforcer.svg
img.netwrix.com/products/icons/24/ 1 KB
946 B 67ms
15ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-password-policy-enforcer.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

566492fdc66f5b44ec285f3932a2a0894bbfca2ad8761e6b70babcd595b30d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 16:24:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:31 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211b-5d8"
age: 74384
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2jBFgWAdWOu4nJr_PO-s2mxODBY8tpbI0wXO_n6erYVdsj7xs_AFiw==

GET
H2 200 nwx-password-secure.svg
img.netwrix.com/products/icons/24/ 1 KB
987 B 22ms
20ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-password-secure.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

c7b9eebc784a36557686dbf3e115da48ce1f4dc81b9dc582f580ece410c5bb38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:29:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 10 Oct 2022 09:28:18 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"6343e5b2-5d0"
age: 21714
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: eOVNdFxFBoxLDmHUVeCyR-U5J1sOnK4JLAOvMSOl1gbm4e0sKlw3GA==

GET
H2 200 nwx-password-reset.svg
img.netwrix.com/products/icons/24/ 1 KB
912 B 23ms
21ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-password-reset.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

412d3bcc7a85690d5fe1a5e11158cd521b135b64f2b36638a8cf3939ee960594

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 10:03:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:31 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211b-4c1"
age: 10803
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: xfx_c4GJwgEsxJKOVxx0Dkq4Lazd9rJGbGaydimNOykelMA3hP06iQ==

GET
H2 200 nwx-policypak.svg
img.netwrix.com/products/icons/24/ 1 KB
945 B 32ms
30ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-policypak.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

025c8af9e79542f6893310a9f8f767bc5186de2afa031295d3788c533ffae997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 12:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:32 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211c-515"
age: 1914
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: EFlO2al1lfm4ZxDbIKIR_ifQPRhDjNh6O_0pCWS1p7skNDQnYTjNdw==

GET
H2 200 nwx-sbPAM.svg
img.netwrix.com/products/icons/24/ 671 B
1 KB 25ms
23ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-sbPAM.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

6f7c88873d16fc6f132e8346ced23114f5dc7a3f62b1a251b4009967af5fd507

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 09:52:52 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 74384
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 671
last-modified: Wed, 29 Jun 2022 09:53:32 GMT
server: nginx
etag: "62bc211c-29f"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: x2p5CIfBTKWtPp_veg6tw0w6y8KxGN9KjCIz54r85LeNwyS4xEMgvg==

GET
H2 200 nwx-stealthAUDIT.svg
img.netwrix.com/products/icons/24/ 960 B
1 KB 32ms
30ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-stealthAUDIT.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

339885de9e24a113e0a54afc27a47f333cdce70adaec23a86ee7519c27ff4e8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 10:38:04 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 8749
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 960
last-modified: Wed, 29 Jun 2022 09:53:32 GMT
server: nginx
etag: "62bc211c-3c0"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: bmV6dqDsyNpDI4-79q8cvM_U0pIX5ypaHjVfB16WDhlIJFjQ2ijv_w==

GET
H2 200 nwx-stealthDEFEND.svg
img.netwrix.com/products/icons/24/ 1 KB
935 B 25ms
23ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-stealthDEFEND.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

c657791041857a648ac958f02f9486e7684e3c1c4361526b65cbeda30c762c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:32 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211c-428"
age: 20054
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: bzkH9GhHj3F4m-kqlhrM-6KUCJ5elnZt9wxIuYGEqd9-cY6VvzEZWg==

GET
H2 200 nwx-stealthINTERCEPT.svg
img.netwrix.com/products/icons/24/ 1 KB
916 B 31ms
29ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-stealthINTERCEPT.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

8ae708af464cb002c171ef2baed5583836e7dd9c66d084d88c62fe0f35ee1476

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 02:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:33 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211d-49c"
age: 74384
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: xXTf1A9IeMZK0blIsOa6ZUqJIH2U9W0CdI4BRjmXuWmEDpjHmFpvew==

GET
H2 200 nwx-stealthRECOVER.svg
img.netwrix.com/products/icons/24/ 1 KB
904 B 26ms
24ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-stealthRECOVER.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

5e214c13306df879d9baf6c53d645defa14b30e4db562f6fcc16b86600c28c51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 09:58:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Jun 2022 09:53:33 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"62bc211d-42b"
age: 11193
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: u0K-qNPL3a8Rdi20hvTNr8DWtDeeTTDHg87w0lUE085NRrqBy-yRjQ==

GET
H2 200 usercube.svg
img.netwrix.com/products/icons/24/ 2 KB
1 KB 28ms
27ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/usercube.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

f1a5371c3c00c4882b7757f3f75e2b0ea4c39a5fab1bd1dd4bd0fb799cce3195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 11:27:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 01 Nov 2022 09:36:40 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"6360e8a8-83c"
age: 74384
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6QL36WE2mQGaArLlTo8X8HFo0a17phhJ2yaww4r8-kZP2brvr_xOXg==

GET
H2 200 nwx-group-id.svg
img.netwrix.com/products/icons/24/ 3 KB
1 KB 26ms
24ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-group-id.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

7fc114991f02a1f73ee2d18349a3dd538a1c9d60e83c399f228da673af237b1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Dec 2022 10:41:40 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"63a03fe4-ba5"
age: 19023
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6WCdQwdkeb2thpBx78-0kq8uSTZ5ZeROKOe9VDwzKgDTzyx_hjPSJQ==

GET
H2 200 nwx-new-product.svg
img.netwrix.com/products/icons/24/ 3 KB
2 KB 27ms
26ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/products/icons/24/nwx-new-product.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

45ed40de8215e94d8c79937e10eecfa40d31a9e92de1a3f29b2baaa6d8201fd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 07:55:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Dec 2022 07:33:14 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"63a559ba-c16"
age: 80078
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 35pSKUlQX9cTPRE6JBP7WeqoVEN9tsuWKkeuZMZAUoXG2xpXybXhXA==

GET
H2 200 search.v001.svg
img.netwrix.com/elements/layout/ 680 B
1 KB 33ms
14ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/layout/search.v001.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

5d67155b7da66f362efdce9b348ddbfa2a9c655d0ed88dddd2c2c5ea95949fa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 19:40:25 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 80078
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 680
last-modified: Fri, 30 Jul 2021 08:34:10 GMT
server: nginx
etag: "6103b982-2a8"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: uCvxyPBTIEEbow_nIlprwchWOKs68VGTk7p9kbf1PRDnXXvsYXJJ6g==

GET
H2 200 language.svg
img.netwrix.com/elements/layout/ 2 KB
1 KB 32ms
14ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/layout/language.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

7a337ac82710a3622ec68cef21c8b4841a646d28abd36719d612af1fadf080be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 09:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Jul 2021 11:51:15 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"60fea1b3-64a"
age: 11883
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: fzOxi1mYhQwj_t3v-THcck4WSeD28KgBkydTehfg2Ddo7JZPl_-qlA==

GET
H2 200 user.svg
img.netwrix.com/elements/layout/ 2 KB
1 KB 32ms
13ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/layout/user.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

9885e26ef4f0698995da1f834dd82ffd4ae22cfe16c1b7c9db662a26dc6fe59a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 09:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 26 Jul 2021 11:51:15 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"60fea1b3-7d2"
age: 13013
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 9CCYWJXf3AE1h882ZOX7sNELJYFNvZzz6vYTHUl-McNkzf4OO0jACA==

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/ 26 KB
5 KB 21ms
19ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 17176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4839
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-6857"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SwxCDtBXh47COcyxNKmYZvmpZTdDxcvz%2Fm3nflq4WShCmSHKLL4QewE%2Fd8pM0r2yjIbafY3u%2BdXeKSEs5SL%2BxACUqYwj%2BYaFWi1mqEaeGu1zu3g4Lcunncf%2Bodyoc1aqI32U6e4MK7AAyCY%2Fu%2ByTJFny"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b008e27fc5fb8d0-AMS
expires: Tue, 19 Mar 2024 13:03:53 GMT

GET
H2 200 fire.svg
img.netwrix.com/elements/attack/ 2 KB
1 KB 32ms
31ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/fire.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

e3202abd8f311cc5fb4873e988b6c46309610fe1317c1aeb237fef65ff3ec1b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 02:37:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 16 Dec 2021 19:59:25 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"61bb9a9d-688"
age: 37601
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JQ35i2GX5XXANHH6R538VB09mXEAQrLOemK6ittjqjDUN6pgnT5JGQ==

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 21 KB
7 KB 53ms
22ms Script
application/javascript 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-varnish-cache: 1
Date: Thu, 30 Mar 2023 13:03:53 GMT
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
CF-Cache-Status: DYNAMIC
via: 1.1 varnish, 1.1 varnish
Age: 552
X-Cache: HIT
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Thu, 30 Mar 2023 13:24:41 GMT
x-host: player-764f8dd7dc-5hnnf
Connection: keep-alive
x-vserver: playproxy-rollout-prod-varnish-3
Content-Length: 6272
x-xss-protection: 1; mode=block
X-Served-By: cache-fra-eddf8230048-FRA
X-Player-Backend: p
Server: cloudflare
X-Timer: S1680181434.522173,VS0,VE0
x-backend-proxy: playproxy4
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server: player-764f8dd7dc-5hnnf
Accept-Ranges: bytes
CF-RAY: 7b008e276d709214-FRA
X-Cache-Hits: 465

GET
H2 200 js.cookie.min.js Show response
www.netwrix.com/assets/14222b70/ 2 KB
1 KB 103ms
100ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/14222b70/js.cookie.min.js?v=1669037618

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

11aade4adaa06539cc52a2d6b439026b74a576f07c34f058f2ee42e9950c5917

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:33:38 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7e32-6be"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 head.load.min.js Show response
www.netwrix.com/assets/42191847/ 4 KB
2 KB 103ms
101ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/42191847/head.load.min.js?v=1669037616

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

97198e39097a4b8ef96fb1695a26e844384156574e2848d987c5b0e5a38a5ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:33:36 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7e30-11f9"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 bootstrap.min.js Show response
www.netwrix.com/assets/39fa25a7/ 39 KB
13 KB 103ms
103ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/39fa25a7/bootstrap.min.js?v=1669037456

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c3177910cf9cba71dad1dadbe17c63932b0174c01c33d1d7279ee7317e2cb895

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:30:56 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7d90-9be3"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 navigation.min.js Show response
www.netwrix.com/assets/42191847/ 7 KB
3 KB 103ms
101ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/42191847/navigation.min.js?v=1669978953

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

04668376d3658c61ea961e9de7028483a8809774f047bad56d4d9fb80ce730a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 02 Dec 2022 11:02:33 GMT
server: nginx
content-encoding: gzip
etag: W/"6389db49-1adb"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 mainResp.min.js Show response
www.netwrix.com/assets/42191847/ 2 KB
1 KB 104ms
102ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/assets/42191847/mainResp.min.js?v=1669978914

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b013fed92c991ef7c4c105785242a194aa3cb987b42a6af875f6fbaeb73295a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 02 Dec 2022 11:01:54 GMT
server: nginx
content-encoding: gzip
etag: W/"6389db22-7b9"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 nav.css
www.netwrix.com/css/bulma/dist/ 28 KB
5 KB 101ms
101ms Stylesheet
text/css 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/css/bulma/dist/nav.css

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6221029d1ba3de70d5ae33e82fcb378bad79ded371123608bcd8b2ac87ebc910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:31:11 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7d9f-71c1"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: text/css
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 359 KB
100 KB 109ms
52ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NKJ33G

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42775c1e34e8a0f3cc84b48e5d54f975b2418b62b4f63aa783d19e02cfebab97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102090
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 Imanami_7.jpg
img.netwrix.com/elements/thunderbolt/backgrounds/ 12 KB
13 KB 27ms
25ms Image
image/jpeg 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/thunderbolt/backgrounds/Imanami_7.jpg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

32d22776abfd902c81c7e3966b1f03540092ebe2119696fb61461029e19d645b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 16:26:46 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 74356
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 12413
last-modified: Wed, 26 Oct 2022 15:22:01 GMT
server: nginx
etag: "63595099-307d"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: KuQ1tzAw3pKQHIOu_xDpBi2ekwthZ6ST3yCEog8aDGGuwpxix18oGQ==

GET
H2 200 elements-lg.png
img.netwrix.com/elements/attack/ 4 KB
4 KB 31ms
13ms Image
image/png 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/elements-lg.png

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/assets/d1f8222c/attackPage.css?v=1680016936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

feedf94980381ccc8142637a58de03e90fc77a30810f55c91c00335e3ffe63a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 19:15:43 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 82747
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 3886
last-modified: Thu, 16 Dec 2021 14:42:36 GMT
server: nginx
etag: "61bb505c-f2e"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: Mv8DNFy1OKuspGOTShcxNOyKMDEgTnMpCUxdv6hQyWdD3U0lz3Qqjg==

GET
H2 200 Obtains_a_foothold.svg
img.netwrix.com/elements/attack/icons/ 2 KB
1 KB 30ms
29ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/icons/Obtains_a_foothold.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

5018252aa87cf5b66ac9d11ba13c6f95cff4a07b931cf1ccc910007a78190696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 01 Apr 2022 10:24:13 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"6246d2cd-671"
age: 11987
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: y5TtlQYmnyXQHa0N0eW3_mb7NUQQlAHCHUTpUInyPPxxbLhIAja3Pw==

GET
H2 200 arrow-up.svg
img.netwrix.com/elements/attack/ 208 B
604 B 33ms
31ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/arrow-up.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/assets/d1f8222c/attackPage.css?v=1680016936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

9b8e994477d5c48cc765e34061b44a022e8562bc80482e173f98149753240dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:16:08 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 17383
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 208
last-modified: Mon, 10 Jan 2022 21:45:16 GMT
server: nginx
etag: "61dca8ec-d0"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: xKsUM332hoFF3sERcFMfuiecW5fMUMy6-avmBPb9GUv9lQNBPWCUzA==

GET
H2 200 Performs_LDAP_reconnaissance.svg
img.netwrix.com/elements/attack/icons/ 2 KB
1 KB 30ms
28ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/icons/Performs_LDAP_reconnaissance.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

237084a8eff0abfe51ba81afd406eb9bd27af690a22b411934ea371e59e2ecce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 13:50:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 01 Apr 2022 10:24:15 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"6246d2cf-9fb"
age: 83630
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: VN8UZ4GBkP6lhJJc-Lf_fezWIkZMRFetide5XwEqseOkCx4aJocfkA==

GET
H2 200 arrow-down.svg
img.netwrix.com/elements/attack/ 208 B
605 B 29ms
27ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/arrow-down.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/assets/d1f8222c/attackPage.css?v=1680016936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

58ab1702b23e34265abd5c882afc6273f160b0c0bcdb8386f207fb4f67f9fa88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:38:04 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 16152
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 208
last-modified: Mon, 10 Jan 2022 21:45:16 GMT
server: nginx
etag: "61dca8ec-d0"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: ovYi8IjuT9XMRUCdHQJOMlHZpktLCLEB2GpZcErRU8b8bLQZdaZVrg==

GET
H2 200 keys.svg
img.netwrix.com/elements/attack/icons/ 2 KB
1 KB 33ms
32ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/icons/keys.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

334644922f890a70359f8400d53511bd9a1fe117b65b644a0f34e898151afdfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:38:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 16 Dec 2021 15:45:31 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"61bb5f1b-947"
age: 15949
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: d9MgxcCOLEQG_GNHK10_lf-SxnD8pL2orjIivbdkl8_2QSH-togamA==

GET
H2 200 compromises_necessary_privileges.svg
img.netwrix.com/elements/attack/icons/ 2 KB
932 B 34ms
32ms Image
image/svg+xml 13.32.121.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.netwrix.com/elements/attack/icons/compromises_necessary_privileges.svg

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-52.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

0326bcabd7c546121a795e8f44af12de093b81262f531ea8d140a6221a0912bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 01 Apr 2022 10:24:09 GMT
server: nginx
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"6246d2c9-60e"
age: 182
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/svg+xml
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: i8DGqzAEqhjsxKWdc8_i1Vzmq3AsTmZkmSG9vNjx5iqHmyIpBuK0lA==

GET
H2 200 open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-700.woff2
www.netwrix.com/fonts/opensans/ 60 KB
60 KB 195ms
194ms Font
font/woff2 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/fonts/opensans/open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-700.woff2

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

78d358ba019a1cd3b28a8917560a433fc03f52c2ec058a85bd00f2236cded66e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907
Origin: https://www.netwrix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:31:28 GMT
server: nginx
etag: "637b7db0-ee6c"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 61036
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-600.woff2
www.netwrix.com/fonts/opensans/ 60 KB
61 KB 102ms
100ms Font
font/woff2 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/fonts/opensans/open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-600.woff2

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

51f0bacf9e49a400a5a2947ef6b14127ef3241b0760d97721e0aedd7add66456

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907
Origin: https://www.netwrix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:31:28 GMT
server: nginx
etag: "637b7db0-f06c"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 61548
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-regular.woff2
www.netwrix.com/fonts/opensans/ 58 KB
59 KB 103ms
102ms Font
font/woff2 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/fonts/opensans/open-sans-v15-latin-ext_latin_cyrillic-ext_cyrillic-regular.woff2

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

03e2544599e5a06566b2579f82ac6e445b724435fccb1f3e8988e58f45b1fc5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907
Origin: https://www.netwrix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:31:28 GMT
server: nginx
etag: "637b7db0-e8d0"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 59600
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 glyphicons-halflings-regular.woff2
www.netwrix.com/bootstrap/fonts/ 18 KB
18 KB 194ms
193ms Font
font/woff2 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/bootstrap/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/bootstrap/css/bootstrap.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.netwrix.com/bootstrap/css/bootstrap.min.css
Origin: https://www.netwrix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:30:56 GMT
server: nginx
etag: "637b7d90-466c"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 18028
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 roboto-v27-latin_cyrillic-500.woff2
www.netwrix.com/fonts/roboto/ 22 KB
23 KB 194ms
193ms Font
font/woff2 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/fonts/roboto/roboto-v27-latin_cyrillic-500.woff2

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5a0642d6337bac5866e43a43df548fb214d2f794dae275cd6e4a35d3b4bc334a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.netwrix.com/css/views/layouts/css/mainResp.css?v=1680016907
Origin: https://www.netwrix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:31:28 GMT
server: nginx
etag: "637b7db0-58d0"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 22736
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
11 KB 55ms
7ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

0d9dbf31d05263a24eb79aaf7c6e26917c6ccd31b642bb4a1d34292e25daa405

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Mar 2023 21:36:45 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "640a516d-8319"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10492
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 159ms
18ms Script
application/x-javascript 23.2.173.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.173.2 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-173-2.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 13:03:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
822 B 35ms
7ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 13:03:53 GMT
AN-X-Request-Uuid: 2cb27b91-e147-4fcf-926d-b84aef0d0f76
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.netwrix.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.134; 178.162.209.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
202 B 23ms
7ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.netwrix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 24 B
316 B 55ms
7ms XHR
text/html 2a02:26f0:480:c::210:f19f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:c::210:f19f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea3936c658514ceedc75f1a29737460ae3b5857ee35ac58fa8510edf471548f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.netwrix.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2050:a007:2::12
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466717_34664543_615458200_14_547_6_0";dur=1
content-length: 24
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 swiftype.js Show response
www.netwrix.com/js/ 396 B
742 B 101ms
100ms Script
application/javascript 18.213.173.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netwrix.com/js/swiftype.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.173.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-173-120.compute-1.amazonaws.com

Software

nginx /

Resource Hash

170749540c42a613b03eafbc85f0dfb42cb706dc488fadb9a081942ac6f47cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/zerologon_attack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Mon, 21 Nov 2022 13:33:37 GMT
server: nginx
content-encoding: gzip
etag: W/"637b7e31-18c"
content-security-policy-report-only: default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 29 Mar 2024 13:03:53 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 266ms
193ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22d333e3a24263728792aefde7a6e3e309%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
202 B 11ms
10ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.netwrix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 47ms
14ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 30 Mar 2023 12:43:15 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1238
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 30 Mar 2023 14:43:15 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 38ms
7ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn-etou8220054-HHN

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 121 KB
47 KB 54ms
24ms Script
application/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-5DPZF9N

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

38c642d488a62343ce6a1d07f150398db97acb73dc37b25345b93e7123284ef6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 47639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 33ms
7ms Script
application/x-javascript 2a02:26f0:480:e::210:f113
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:e::210:f113 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=25404
accept-ranges: bytes
content-length: 4777

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/861514844/ 2 KB
2 KB 89ms
52ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/861514844/?random=1680181433767&cv=11&fst=1680181433767&bg=ffffff&guid=ON&async=1&gtm=45He33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&hn=www.googleadservices.com&frm=0&tiba=Zerologon%20Exploit%20Attack&auid=1254822808.1680181434&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a80cf926a91b78504a34a61d05f27b3acd6b76c5daf5e532a970e6cf03157af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1195
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ck28b8ehgp Show response
www.clarity.ms/tag/ 625 B
983 B 168ms
100ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/ck28b8ehgp?ref=gtm
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c4339b8a1293d7aeb9733772802f012e06a80c78e637126c94e8e264c819731c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 30 Mar 2023 13:03:53 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0uYglZAAAAAD3IwM1Rk1xSbOniJqL3qvpRlJBMzFFREdFMDkyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 76ms
36ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 13:03:53 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0178124AFA9B451A86102942A3CBAE3B Ref B: FRAEDGE1919 Ref C: 2023-03-30T13:03:53Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 33ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 13:03:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: X3bphrqb2IPi91KAc8e2nLq2BcCXpavaobO+Nn3GydE4m9VKfGEOTFv+CLKK87iekbPBRRiU8GVLWz9swnDq1g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 171 KB
54 KB 65ms
11ms Script
application/javascript 2600:9000:223e:3000:15:a0d3:77c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:3000:15:a0d3:77c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 6Er2d0GJvgnFniPQXIH7h8kzG7dJBNJf
content-encoding: gzip
via: 1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
x-amz-cf-pop: FRA56-P4
age: 1
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Nov 2022 11:31:37 GMT
server: AmazonS3
etag: W/"1c27f449b067550681f23ad3e53988fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: KZSZns49A5i6XFHORShpxq0v7kxxg1VHwa9C0XI41KhM0KFFnO4Dvg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
77 KB 22ms
21ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z8M2NDPEEV&l=dataLayer&cx=c

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aa72da1d905677af470552cdc4210e15e41f84e45b7e78b3d242512c0049085d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78673
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 208ms
189ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%2256%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 199ms
185ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22d333e3a24263728792aefde7a6e3e309%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%2256%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 195ms
187ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22a118703fdbd1497b6d8d9c3c3a3fc83ca7346363%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%2257%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 189ms
184ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%2257%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 186ms
186ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20Mar%202023%2013%3A03%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%2258%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 186ms
186ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=d333e3a24263728792aefde7a6e3e309&svisitor=null&visitor=3264ec0d-b161-42f6-8fe9-5e15590671cd&session=aa8c85c1-dcda-46f6-89e6-40aa1c753933&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20article%20explains%20how%20adversaries%20use%20the%20Zerologon%20exploit%20to%20gain%20access%20to%20Active%20Directory%20and%20how%20you%20can%20detect%2C%20mitigate%20and%20respond%20to%20it%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Zerologon%20Exploit%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&pageViewId=cf7d78ab-dbc2-4474-8bc5-613a20dd5e81&an_uid=0

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
202 B 8ms
8ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.netwrix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 24 B
315 B 7ms
7ms XHR
text/html 2a02:26f0:480:c::210:f19f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:c::210:f19f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea3936c658514ceedc75f1a29737460ae3b5857ee35ac58fa8510edf471548f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.netwrix.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2050:a007:2::12
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466717_34664543_615458221_9_453_6_0";dur=1
content-length: 24
expires: Thu, 30 Mar 2023 13:03:53 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 15ms
15ms Script
application/x-javascript 23.2.173.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.173.2 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-173-2.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 13:03:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Sat, 08 Jul 2023 13:03:53 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/79820/domain/netwrix.com/ 36 B
376 B 53ms
9ms XHR
application/json 2600:9000:20eb:2e00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/79820/domain/netwrix.com/token
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:2e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 12:22:23 GMT
content-encoding: gzip
via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 2490
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: ZKojgLPDPDFYmsQXkkqcVSxQeex9BSYRPEzZry-rF-a90WtYejxiCA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D79820%26time%3D1680181433820%26url%3Dhttps%253A%252F%252Fwww.netwrix.com%252Fzero...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true&e_ipv6=AQIav8AVaRHMWgAAAYcynheoQL11NgxWv9BUwZR3EAi...

0
481 B

178ms
148ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true&e_ipv6=AQIav8AVaRHMWgAAAYcynheoQL11NgxWv9BUwZR3EAiScZ-AS3PFjbS44B9Yd254SALqMNtwnGJiYQ
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 5A8F29CCAADD4497BA3A810CF50A3F1E Ref B: FRAEDGE1407 Ref C: 2023-03-30T13:03:54Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-ltx1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX4HbmPFzUmEK1y6Clfjw==

Redirect headers

date: Thu, 30 Mar 2023 13:03:53 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: A8BB03BD95104F4DB3F8BC67F4ADC435 Ref B: FRAEDGE1712 Ref C: 2023-03-30T13:03:54Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=79820&time=1680181433820&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&liSync=true&e_ipv6=AQIav8AVaRHMWgAAAYcynheoQL11NgxWv9BUwZR3EAiScZ-AS3PFjbS44B9Yd254SALqMNtwnGJiYQ
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX4HbmMUftq4ImU39+47w==

GET
H/1.1 200
OK st.js Show response
s.swiftypecdn.com/install/v2/ 416 KB
110 KB 49ms
7ms Script
text/javascript 151.101.64.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/install/v2/st.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.64.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9b413d13e99e505ae68b03450cb2b21a714e8d069b575715b6072d9a19def449

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 13:03:53 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 55
X-Cache: HIT
Connection: keep-alive
Content-Length: 112283
X-Served-By: cache-fra-eddf8230094-FRA
X-Timer: S1680181434.905490,VS0,VE0
ETag: "637fb88e-1b69b"
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public, max-age=300, public
Accept-Ranges: bytes
X-Cache-Hits: 5

GET
H2 200 adsct
t.co/i/ 43 B
377 B 140ms
112ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=55a98b41-22c1-4ab7-a45c-3a2799e7c78c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66121036-f2f6-4e0b-9fc4-613b7f9ded17&tw_document_href=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvqhc&type=javascript&version=2.3.29

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 105
date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 445295662c66ec09
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 9770bdbe45becf55d10abb8402f7c659aa73234a2cc075123bcde24fcb50d633
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
396 B 140ms
111ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=55a98b41-22c1-4ab7-a45c-3a2799e7c78c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66121036-f2f6-4e0b-9fc4-613b7f9ded17&tw_document_href=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvqhc&type=javascript&version=2.3.29

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 104
date: Thu, 30 Mar 2023 13:03:53 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 536b86bed2ae9042
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 768ab789d893d760f0e3964bf495cedd64df4c3b81b665fac782a974c807b516
content-length: 43

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
182 B 17ms
17ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1238700189&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&ul=en-us&de=UTF-8&dt=Zerologon%20Exploit%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Non-Bounce&ea=15_seconds&_u=YEBAAAABQAAAAC~&jid=436821635&gjid=190225329&cid=369658047.1680181434&tid=UA-2538779-1&_gid=1852014151.1680181434&_r=1&_slc=1&gtm=45He33r0n71NKJ33G&z=1855329358

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netwrix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 806225786101261 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/806225786101261?v=2.9.100&r=stable

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

015b3596f3a01e8343d000b0fa0d8f58ef6bf40ad942b81d9de546cfc9d8645f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 13:03:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110240
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: B+0JFGe3BRzCkP2ZKFyWNAb2U6P40JF82bXuGNpi1uSrQY9A5f/w798TGIUgpzjzxd2VtZjBVZSez/VjRM0D+Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 50ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z8M2NDPEEV&gtm=45je33r0&_p=1238700189&cid=369658047.1680181434&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1680181433&sct=1&seg=0&dl=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&dt=Zerologon%20Exploit%20Attack&en=page_view&_fv=1&_ss=1&ep.page=%2Fzerologon_attack.html&ep.content_group=uncategorized
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z8M2NDPEEV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netwrix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 62ms
18ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-2538779-1&cid=369658047.1680181434&jid=436821635&gjid=190225329&_gid=1852014151.1680181434&_u=YEBAAAAAQAAAAC~&z=1966849736

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netwrix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 18ms
18ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1238700189&t=pageview&_s=1&dl=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&dp=%2Fzerologon_attack.html&ul=en-us&de=UTF-8&dt=Zerologon%20Exploit%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEABRAAAACAAI~&jid=702064377&gjid=527943988&cid=369658047.1680181434&tid=UA-2538779-16&_gid=1852014151.1680181434&_r=1&_slc=1&gtm=45He33r0n71NKJ33G&cg1=uncategorized&z=195061713

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netwrix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 756 B
589 B 557ms
171ms XHR
application/json 13.56.154.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.154.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-56-154-116.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d96ac3de06de0a5a49356221469a414db632cd4486a405940cd839f8e23c1f83

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
Authorization: Token a118703fdbd1497b6d8d9c3c3a3fc83ca7346363
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.netwrix.com
access-control-allow-credentials: true
content-length: 404

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 505ms
166ms Preflight 13.56.154.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.56.154.116 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-56-154-116.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.netwrix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.netwrix.com
access-control-max-age: 1800
date: Thu, 30 Mar 2023 13:03:54 GMT
server: nginx

GET
H2 200 /
www.google.com/pagead/1p-user-list/861514844/ 42 B
455 B 69ms
28ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/861514844/?random=1680181433767&cv=11&fst=1680181200000&bg=ffffff&guid=ON&async=1&gtm=45He33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&frm=0&tiba=Zerologon%20Exploit%20Attack&fmt=3&is_vtc=1&random=2935587021&rmt_tld=0&ipr=y

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/861514844/ 42 B
455 B 60ms
25ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/861514844/?random=1680181433767&cv=11&fst=1680181200000&bg=ffffff&guid=ON&async=1&gtm=45He33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&frm=0&tiba=Zerologon%20Exploit%20Attack&fmt=3&is_vtc=1&random=2935587021&rmt_tld=1&ipr=y

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
130-man-089.mktoresp.com/webevents/ 2 B
318 B 1122ms
129ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://130-man-089.mktoresp.com/webevents/visitWebPage?_mchNc=1680181433927&_mchCn=&_mchId=130-MAN-089&_mchTk=_mch-netwrix.com-1680181433927-73419&_mchHo=www.netwrix.com&_mchPo=&_mchRu=%2Fzerologon_attack.html&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 13:03:55 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: cf45e7dd-ab5e-434d-a4b4-a836d0cbf955

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 33ms
9ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=806225786101261&ev=PageView&dl=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&rl=&if=false&ts=1680181433939&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1680181433938.289142867&it=1680181433845&coo=false&rqm=GET

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 13:03:54 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 4005993.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 109ms
109ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/4005993.js

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b744ad945b48f9c5ccdab371c0eebe3301d3ba862a317dd5ac0c2a8588c8a571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 13:03:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D32EEE2BC4E94D9CACFF8B29FC475D9C Ref B: FRAEDGE1919 Ref C: 2023-03-30T13:03:53Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60
content-length: 1496

GET
H2 204 0
bat.bing.com/action/ 0
285 B 38ms
38ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=4005993&tm=gtm002&Ver=2&mid=bc4a3257-c0a8-4d81-b0f4-7eae1ee018d0&sid=52c9e190cefb11ed88bceb5da2990c15&vid=52c9f660cefb11edaa84c3a4a3100ab2&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Zerologon%20Exploit%20Attack&p=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&r=&lt=895&evt=pageLoad&sv=1&rn=430739

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Mar 2023 13:03:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 39C91F62EC3D4CCB926E215DCA80CA8D Ref B: FRAEDGE1919 Ref C: 2023-03-30T13:03:53Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 18ms
18ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-2538779-16&cid=369658047.1680181434&jid=702064377&gjid=527943988&_gid=1852014151.1680181434&_u=aGDACEABRAAAACAAI~&z=1067311634

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 30 Mar 2023 13:03:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netwrix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK SkcyW5iG9Bt42E8Qx3NE.json Show response
s.swiftypecdn.com/install/v2/config/ 19 KB
5 KB 22ms
7ms XHR
application/json 151.101.64.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://s.swiftypecdn.com/install/v2/config/SkcyW5iG9Bt42E8Qx3NE.json

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.143 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8ccbd45208b184f5dbdf57348592f6e32eb29136ae47c5d15eab1ea06b13b1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 13:03:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 varnish
X-Permitted-Cross-Domain-Policies: none
Age: 144
X-Cache: HIT
Status: 200 OK
Connection: keep-alive
Content-Length: 4099
X-XSS-Protection: 1; mode=block
X-Request-Id: fb244fa38970fb774ddee9950fc93d77
X-Served-By: cache-fra-eddf8230095-FRA
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 12 Dec 2018 15:17:46 GMT
X-Timer: S1680181434.987765,VS0,VE1
ETag: W/"72595418f64141d1dfdf7ded39f645ea"
X-Download-Options: noopen
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json; charset=utf-8
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding, Origin
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 37ms
37ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2538779-1&cid=369658047.1680181434&jid=436821635&_u=YEBAAAAAQAAAAC~&z=1884829212

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 71ms
38ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2538779-1&cid=369658047.1680181434&jid=436821635&_u=YEBAAAAAQAAAAC~&z=1884829212

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-e-sc/s/0.7.6/ 56 KB
19 KB 11ms
10ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-e-sc/s/0.7.6/clarity.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e63cf738c3a577e286765aaa9de59ed4300f6bf8b5d34773d131afd3da456b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:53 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-azure-ref-originshield: 0iUwlZAAAAABsBnuhPIkWRa+pQFAWCpzwRlJBMjMxMDUwNDE3MDUzADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d9629e1c1a468a"
x-azure-ref: 0uYglZAAAAABKqvFyEJ9FRZwzsfWlkmvqRlJBMzFFREdFMDkyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 37ms
37ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2538779-16&cid=369658047.1680181434&jid=702064377&_u=aGDACEABRAAAACAAI~&z=1086567360

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 68ms
37ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2538779-16&cid=369658047.1680181434&jid=702064377&_u=aGDACEABRAAAACAAI~&z=1086567360

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
s.swiftypecdn.com/assets/ 89 KB
34 KB 7ms
6ms Stylesheet
text/css 151.101.64.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.64.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

X-Cache-Hits: 409
Date: Thu, 30 Mar 2023 13:03:54 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 64286
X-Cache: HIT
Connection: keep-alive
Content-Length: 33983
X-Served-By: cache-fra-eddf8230094-FRA
X-Timer: S1680181434.026663,VS0,VE0
ETag: "62b9d075-84bf"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
Expires: Thu, 28 Mar 2024 19:12:28 GMT

GET
H2 200 4005993 Show response
www.clarity.ms/tag/uet/ 995 B
1 KB 96ms
95ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/4005993
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 84ccd4e0f0bb5a9a08d9ac9ed997b78d2e3b5e8d9019d95bc647f4833fddee6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 30 Mar 2023 13:03:53 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0uoglZAAAAAB204bfMcKARoAwirj/W2CFRlJBMzFFREdFMDkyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H/1.1 200
OK cc.js
cc.swiftype.com/ 43 B
279 B 675ms
249ms Image
image/gif 169.48.219.66
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.swiftype.com/cc.js?engine_key=9DHaSxwnScZtssJ_kP5S&url=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 169.48.219.66 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 42.db.30a9.ip4.static.sl-reverse.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/gif
Date: Thu, 30 Mar 2023 13:03:54 GMT
Cache-Control: no-cache
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Content-Length: 43
Expires: Thu, 30 Mar 2023 13:03:53 GMT

POST
H/1.1 204
No Content collect Show response
x.clarity.ms/ 0
295 B 417ms
203ms XHR
text/plain 20.114.190.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://x.clarity.ms/collect
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.netwrix.com
Date: Thu, 30 Mar 2023 13:03:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 96A9 0
49 B 8ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.netwrix.com
Referer: https://www.netwrix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.netwrix.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 13:03:54 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 296ms
296ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 130ms
129ms Image
image/gif 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1238700189&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.netwrix.com%2Fzerologon_attack.html&dp=%2Fzerologon_attack.html&ul=en-us&de=UTF-8&dt=Zerologon%20Exploit%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aGDACEABRAAAACAAI~&jid=&gjid=&cid=369658047.1680181434&tid=UA-2538779-16&_gid=1852014151.1680181434&gtm=45He33r0n71NKJ33G&cg1=uncategorized&cd11=&cd12=&cd13=&cd14=&cd16=&z=483495364

Requested by

Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68324
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 async-api.61caf4d9-1228.min.js Show response
js-agent.newrelic.com/ 2 KB
2 KB 36ms
6ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/async-api.61caf4d9-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 079c85d823b588108b623f842c5aca6c805c4f1b2c9af00d5aff193224d0d477

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: J0GluopGath26np.0jFNgGyfwhEN0LgG
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 9FMWS4WPWY7EZ9EX
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1122
x-amz-id-2: m5O/ZxhL6IxD/PHJ5gg8gZ5ieOhDplAFXadRB7lvTdr5BZtWt/v0Tt/YANg/8nyaKCetOkMMe8k=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.170545,VS0,VE0
etag: "5a15fa90d5c9cf59729e937de488758b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 8256

GET
H2 200 lazy-loader.37550b27-1228.min.js Show response
js-agent.newrelic.com/ 928 B
624 B 35ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/lazy-loader.37550b27-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83c6c18f8719320cbd6cd83248055a13a92e1c7866c23a347c08c92c7d1fe391

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: veSIorK788CursSmiZNo6DAf4uBLqr8D
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 9FMHB0H5PAPXX05N
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 415
x-amz-id-2: DdqH6btxjH5A9UtVrMMpouH7xGE+OAKyaqdEl6ejHZTBQPEGdIjGGmQl8w0OT+0H7GBFPy/OEII=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.170636,VS0,VE0
etag: "b6eaf4dad9b3e3384b0e9366ff9d0080"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 9897

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&RedC=c.clarity.ms&MXFR=05E86600BE3363BE38B174E4BA336DBD
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&MUID=11EE9E372282610418708CD323826078

42 B
441 B

159ms
158ms

Image
image/gif

20.125.62.241
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&MUID=11EE9E372282610418708CD323826078
Protocol: H2
Server: 20.125.62.241 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:55 GMT
last-modified: Mon, 13 Mar 2023 18:17:02 GMT
server: Microsoft-IIS/10.0
etag: "206d6b2d855d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 13:03:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 803818D7F3D14FB992684DDBC869E422 Ref B: FRAEDGE1919 Ref C: 2023-03-30T13:03:55Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=E2B3DD348EB6467B8D2BDE7CFD2BD45C&MUID=11EE9E372282610418708CD323826078
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 862.e74e95d2-1228.min.js Show response
js-agent.newrelic.com/ 8 KB
3 KB 7ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/862.e74e95d2-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f4f57044cd0b10b29ffb36a590e48ab912275a5daf264cd58241b25cac03e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: gDL8cpdspH3IxcZPeLUXHRvPqJEXPWmp
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQ374JYPQSZE8RM
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3271
x-amz-id-2: 1eiw/boBIzZDP1eTnPQ4hdq14uuKnqr57sdKoL/Nm2QxKz1x3mEBuFw/JA8C4p7ehbm8ZRGjHT4=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.180346,VS0,VE0
etag: "ff02f82193fd2ec047cb131aa65a0dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 9835

GET
H2 200 page_view_event-aggregate.46b69e61-1228.min.js Show response
js-agent.newrelic.com/ 4 KB
2 KB 8ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/page_view_event-aggregate.46b69e61-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 22051e5464f07018297c13799b1db21f39f6b0676c72fce70dbbc6b9a4793c0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: KBeqQAET2qZgk2U9E4XZJmVRm1HOq8Rk
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQ9YAQ072F5ZWKR
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1729
x-amz-id-2: LRuzqZ+dmaI8VSsSWLGxoTDOiYppoorL9aSEWXOQZrPUsN0F1Uc/gxQMuoxZMlwS4owAKvohzr8=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.180732,VS0,VE0
etag: "75e56b9529bc3582d1ee120d4a1d49e9"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 9837

GET
H2 200 page_view_timing-aggregate.ced8c919-1228.min.js Show response
js-agent.newrelic.com/ 5 KB
3 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/page_view_timing-aggregate.ced8c919-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf4c54ffc8c78d41d423befa6d5ec511b8e125470ff7deb69bc462dfbb70d780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: ktDXvd_Dmea2UVJNoozUGAPGaGpVn1ZV
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQ4BNC476WRMW02
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2225
x-amz-id-2: zMhzRI586H6gPM5M+5wj7DWLs0l93dLE8G05e9fvgHPJtfolaxYbQ3fk4muER2Ta8LvvorNBZtg=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.181135,VS0,VE0
etag: "ddb946a277f5c644d555e8e1bcf23b77"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 9841

GET
H2 200 metrics-aggregate.56d9a464-1228.min.js Show response
js-agent.newrelic.com/ 4 KB
2 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/metrics-aggregate.56d9a464-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb5175866e24b14e6c800a230af050366c0dcf144254dcdb0ceca4c10549dbe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: cAHIZ8FQmEPf2jyMvAgXJXAVQ_Jrw1XM
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQ4BYN4NB859E9P
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1751
x-amz-id-2: jH1Vds6YpzUEt7xvQv69cxN1HUsXTcIXJgBtMwxhYMcL7POvkDoPHUiOfLxbZ/bjJA/YNygpyDs=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.181689,VS0,VE0
etag: "04475d81e10a8c7213d39d14e581c599"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 9818

GET
H2 200 jserrors-aggregate.64f61365-1228.min.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/jserrors-aggregate.64f61365-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 73e9fd5d1e48f63c04fc67135326a3e83eb635050aab2536c39dfa9e8989e269

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 7blonOgQSCw8rfW7sCjHyJm0L6QYtp4X
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQ31G6CJPJXKKHQ
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2938
x-amz-id-2: nwKlWSiomw8P3Xv68A187TvQeWpsur5x+XeY8mgGMKReFFm4JEoXokhS4v7nOeqxtt8AXPCmSO0=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.182284,VS0,VE0
etag: "06e9895d210a73225fa4b9a47e6e9c5a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 6821

GET
H2 200 ajax-aggregate.e6085a9a-1228.min.js Show response
js-agent.newrelic.com/ 5 KB
3 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/ajax-aggregate.e6085a9a-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 35d5e3136036964661cc94855e1028e063341e3cf4b41a410930fb149cfed5ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: Z4Nlcg06uCyBNWwjTtAHDtnTc5kadigL
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 8VEPZTV03Z24B3HM
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2365
x-amz-id-2: KgJ1QTPRQrnh9QPL4euRltxz1Brj/8Fd6Og6JLduGK/2KTp4cF7fY4L8XIQ+izdaVWfbjW8FySw=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.182733,VS0,VE0
etag: "61554094cde63c6eec39f630c32a828f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2075

GET
H2 200 session_trace-aggregate.ada8b15b-1228.min.js Show response
js-agent.newrelic.com/ 10 KB
4 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/session_trace-aggregate.ada8b15b-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 531b518173a4f9ac1a1aab5ad10c610d45437166fd39adc0d8208e51dc60f8d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: CejlNuOfipmDjtAs.g7oae_1BhJQzddr
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQD5GQ8YHXS8M7H
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3732
x-amz-id-2: PxZ1TeSh2JKkK0u0ICyijo1VmxRJwZ29k++MMhxDhil4XFJsfV9uMHPW9c9UQu5TCAM3i2a6MTQ=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.183254,VS0,VE0
etag: "69d309900c2caeef33af662ddf91affc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 6813

GET
H2 200 page_action-aggregate.1ef08094-1228.min.js Show response
js-agent.newrelic.com/ 3 KB
1 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/page_action-aggregate.1ef08094-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ec14af764fc18154e349ac3889637b2dc64debe89d7759dbcbb1db6cfe79ef8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: ZC9wFZ_QkK2B08VVIX3wzqk3DACA4ZFm
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQCJ3PT8GYTVH0W
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1202
x-amz-id-2: bGFOg+e3rNg+r6QX61jnMBfIOcVpwZEd5rH07SejnASYGAWvKS97WLGPC4V74IziGcjpeXDfw2Q=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.183887,VS0,VE0
etag: "9c1563b1437a04e5cd75285b2f4bffb0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 6789

GET
H2 200 spa-aggregate.7222cbb6-1228.min.js Show response
js-agent.newrelic.com/ 18 KB
7 KB 8ms
8ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/spa-aggregate.7222cbb6-1228.min.js
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: af92ff4576df40958f74249a9e167171305a5c842c886a2b1127bc46d727244a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: 8nTKqPmpPpJMnC7V_9l7a.Xfo0rf._qG
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 13:03:55 GMT
x-amz-request-id: 0CQBADWTKF2QHX84
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 6663
x-amz-id-2: PitUrFZTOhJg7H0QrJX0nwvocqqdh+dvpGPiv+scbABoePAwMYg2cP+AppxbOClu5b8hA+CYEYg=
x-served-by: cache-fra-eddf8230023-FRA
last-modified: Mon, 20 Mar 2023 23:57:31 GMT
server: AmazonS3
x-timer: S1680181435.184533,VS0,VE0
etag: "5d22b006d12752c6dafe1b5f41318762"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5065

POST
H/1.1 204
No Content collect Show response
x.clarity.ms/ 0
295 B 98ms
97ms XHR
text/plain 20.114.190.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://x.clarity.ms/collect
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.netwrix.com
Date: Thu, 30 Mar 2023 13:03:55 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H/1.1 200
OK 51572a2fb7 Show response
bam.nr-data.net/1/ 49 B
397 B 254ms
220ms Script
text/javascript 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/51572a2fb7?a=731320544&v=1228.PROD&to=ZwYEMEdZVkoCAUxbCl5MJwdBUVdXTDBdQQpFEQUBRntXVxcQV14JVRFJBUFMWVoI&rst=2417&ck=0&s=2aab8e68e28d525b&ref=https://www.netwrix.com/zerologon_attack.html&ap=121&be=597&fe=1764&dc=292&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1680181432778,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:51,%22c%22:51,%22s%22:149,%22ce%22:250,%22rq%22:250,%22rp%22:575,%22rpe%22:618,%22dl%22:578,%22di%22:889,%22ds%22:889,%22de%22:895,%22dc%22:2358,%22l%22:2360,%22le%22:2364%7D,%22navigation%22:%7B%7D%7D&fp=865&fcp=865&at=S0EHRg9DRUQ%3D&jsonp=NREUM.setToken
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:55 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 49
x-served-by: cache-fra-eddf8230097-FRA

POST
H/1.1 200
OK 51572a2fb7 Show response
bam.nr-data.net/events/1/ 24 B
344 B 111ms
110ms XHR
image/gif 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/51572a2fb7?a=731320544&v=1228.PROD&to=ZwYEMEdZVkoCAUxbCl5MJwdBUVdXTDBdQQpFEQUBRntXVxcQV14JVRFJBUFMWVoI&rst=2688&ck=0&s=2aab8e68e28d525b&ref=https://www.netwrix.com/zerologon_attack.html
Requested by: Host: www.netwrix.com
URL: https://www.netwrix.com/zerologon_attack.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.netwrix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 30 Mar 2023 13:03:55 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.netwrix.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230097-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 185ms
185ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 256ms
255ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 196ms
195ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 191ms
191ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netwrix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:03:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.netwrix.com/	1969-12-31 23:59:59	Name: nwf_sid Value: 54b2t4fd0m69tt4sp7miku88an08ne
.netwrix.com/	1970-01-20 19:28:37	Name: nwf_gavisitorid Value: c8b7caf70936179eacc4bbf5a906a48ba3582a347877686184c2bcd69297100e
www.netwrix.com/	1970-01-20 12:52:37	Name: lightningNumber Value: 0
.vimeo.com/	1970-01-20 10:43:03	Name: __cf_bm Value: CsOsmlGuxWn90fgSOlh2J2ci5gEA3FPuuCX9ySPkSiw-1680181433-0-AfRQ57PC2Bt77FT1G770YZVcJ4BoJd8iDLeRDYd7YxXXI0gNdt9ydMgwlHdVq19E/NMPSTFPKlXW1pKu+UwQOPY=
.www.netwrix.com/	1970-01-20 10:43:03	Name: thunderboltIDs Value: 91:1680181433
www.netwrix.com/	1970-01-20 10:53:06	Name: _an_uid Value: 0
www.netwrix.com/	1970-01-20 20:19:01	Name: _gd_visitor Value: 3264ec0d-b161-42f6-8fe9-5e15590671cd
www.netwrix.com/	1970-01-20 10:43:15	Name: _gd_session Value: aa8c85c1-dcda-46f6-89e6-40aa1c753933
.netwrix.com/	1970-01-20 12:52:37	Name: _gcl_au Value: 1.1.1254822808.1680181434
.netwrix.com/	1970-01-20 10:44:27	Name: _gid Value: GA1.2.1852014151.1680181434
.netwrix.com/	1970-01-20 10:43:01	Name: _gat_UA-2538779-1 Value: 1
.doubleclick.net/	1970-01-20 10:43:02	Name: test_cookie Value: CheckForPermission
www.netwrix.com/	1970-01-20 10:44:27	Name: ln_or Value: eyI3OTgyMCI6ImQifQ%3D%3D
.netwrix.com/	1970-01-20 20:19:01	Name: _ga Value: GA1.2.369658047.1680181434
.netwrix.com/	1970-01-20 10:43:01	Name: _gat_UA-2538779-16 Value: 1
.netwrix.com/	1970-01-20 20:19:01	Name: _mkto_trk Value: id:130-MAN-089&token:_mch-netwrix.com-1680181433927-73419
.netwrix.com/	1970-01-20 12:52:37	Name: _fbp Value: fb.1.1680181433938.289142867
www.clarity.ms/	1970-01-20 19:28:37	Name: CLID Value: d98bca0229d04451bac3bc2e77076f6d.20230330.20240329
.netwrix.com/	1970-01-20 10:44:27	Name: _uetsid Value: 52c9e190cefb11ed88bceb5da2990c15
.netwrix.com/	1970-01-20 20:04:37	Name: _uetvid Value: 52c9f660cefb11edaa84c3a4a3100ab2
.bing.com/	1970-01-20 20:04:37	Name: MUID Value: 11EE9E372282610418708CD323826078
.t.co/	1970-01-20 20:19:01	Name: muc_ads Value: 986b60a6-b83c-44a7-b6fa-716e0b106e72
.linkedin.com/	1970-01-20 11:26:13	Name: UserMatchHistory Value: AQJ71L9g7FO9GAAAAYcynhZlFgNMcL-Uz8fJ4JRBXoCY38XD__GPr8ToKvxSHCvYewYS1-uHpWG-lg
.linkedin.com/	1970-01-20 11:26:13	Name: AnalyticsSyncHistory Value: AQJdzi0DqZi7CAAAAYcynhZlXNI71tm5wu1zlwgHFunmVyYlbX3S3_ZDOwgZ2rcCxpdNJGdP36NeuUe26NuVJA
.linkedin.com/	1970-01-20 19:28:37	Name: bcookie Value: "v=2&4d2e698f-93bc-4a1e-8420-473f85e8cfad"
.linkedin.com/	1970-01-20 10:44:27	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2741:u=1:x=1:i=1680181433:t=1680267833:v=2:sig=AQG42rYOaG3Oq4Wra00y4PXOJ7h15esh"
.netwrix.com/	1970-01-20 19:28:37	Name: _clck Value: 13pdtm9\|1\|fac\|0
.twitter.com/	1970-01-20 20:19:01	Name: personalization_id Value: "v1_S/jt1bnzGs3uri85NEVW/w=="
.6sc.co/	1970-01-20 20:19:01	Name: 6suuid Value: bd6411029f230000b9882564e7030000fe180b00
.www.linkedin.com/	1970-01-20 19:28:37	Name: bscookie Value: "v=1&202303301303547c0d49a8-5bb9-44f5-8aea-e743f6b3aca8AQGvSc-3lucF9FvkxWrLYdTtvsLoTvWb"
.linkedin.com/	1970-01-20 15:02:13	Name: li_gc Value: MTswOzE2ODAxODE0MzQ7MjswMjG7NgdG8PvufPV8QuKKnBaD8XusATnLtLQT7hbiyVKhlw==
.netwrix.com/	1970-01-20 10:44:27	Name: _clsk Value: rqg9pn\|1680181434589\|1\|1\|x.clarity.ms/collect
.netwrix.com/	1970-01-20 20:19:01	Name: _ga_Z8M2NDPEEV Value: GS1.1.1680181433.1.0.1680181434.0.0.0
.c.bing.com/	1970-01-20 10:53:06	Name: MR Value: 0
.c.bing.com/	1970-01-20 20:04:37	Name: SRM_B Value: 11EE9E372282610418708CD323826078
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 20:04:37	Name: MUID Value: 11EE9E372282610418708CD323826078
.c.clarity.ms/	1970-01-20 10:53:06	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 10:43:02	Name: ANONCHK Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

130-man-089.mktoresp.com
analytics.twitter.com
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cc.swiftype.com
cdn.linkedin.oribi.io
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
epsilon.6sense.com
fonts.googleapis.com
googleads.g.doubleclick.net
img.netwrix.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
munchkin.marketo.net
player.vimeo.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.swiftypecdn.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
www.clarity.ms
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.netwrix.com
x.clarity.ms
104.244.42.197
104.244.42.67
13.107.42.14
13.32.121.52
13.56.154.116
146.75.120.157
151.101.130.137
151.101.64.143
162.159.138.60
162.247.243.29
169.48.219.66
18.213.173.120
192.28.144.124
2.17.100.193
20.114.190.119
20.125.62.241
2001:4860:4802:32::36
2001:4860:4802:38::178
2001:4de0:ac18::1:a:2b
23.2.173.2
2600:9000:20eb:2e00:2:53b2:240:93a1
2600:9000:223e:3000:15:a0d3:77c0:93a1
2606:4700::6811:180e
2620:1ec:21::14
2620:1ec:4f:1::45
2620:1ec:c11::200
2a00:1450:4001:813::2003
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2004
2a00:1450:400c:c06::9c
2a02:26f0:480:c::210:f19f
2a02:26f0:480:e::210:f113
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
37.252.171.21
015b3596f3a01e8343d000b0fa0d8f58ef6bf40ad942b81d9de546cfc9d8645f
025c8af9e79542f6893310a9f8f767bc5186de2afa031295d3788c533ffae997
0326bcabd7c546121a795e8f44af12de093b81262f531ea8d140a6221a0912bf
03e2544599e5a06566b2579f82ac6e445b724435fccb1f3e8988e58f45b1fc5e
04668376d3658c61ea961e9de7028483a8809774f047bad56d4d9fb80ce730a0
079c85d823b588108b623f842c5aca6c805c4f1b2c9af00d5aff193224d0d477
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d9dbf31d05263a24eb79aaf7c6e26917c6ccd31b642bb4a1d34292e25daa405
0ec14af764fc18154e349ac3889637b2dc64debe89d7759dbcbb1db6cfe79ef8
11aade4adaa06539cc52a2d6b439026b74a576f07c34f058f2ee42e9950c5917
170749540c42a613b03eafbc85f0dfb42cb706dc488fadb9a081942ac6f47cbf
22051e5464f07018297c13799b1db21f39f6b0676c72fce70dbbc6b9a4793c0a
237084a8eff0abfe51ba81afd406eb9bd27af690a22b411934ea371e59e2ecce
2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
32d22776abfd902c81c7e3966b1f03540092ebe2119696fb61461029e19d645b
334644922f890a70359f8400d53511bd9a1fe117b65b644a0f34e898151afdfe
339885de9e24a113e0a54afc27a47f333cdce70adaec23a86ee7519c27ff4e8b
35d5e3136036964661cc94855e1028e063341e3cf4b41a410930fb149cfed5ce
38c642d488a62343ce6a1d07f150398db97acb73dc37b25345b93e7123284ef6
412d3bcc7a85690d5fe1a5e11158cd521b135b64f2b36638a8cf3939ee960594
42775c1e34e8a0f3cc84b48e5d54f975b2418b62b4f63aa783d19e02cfebab97
42fc207ebec992c03f7e8b3bf2f56ed07d798add6da0d4e91777eef7c9262875
45ed40de8215e94d8c79937e10eecfa40d31a9e92de1a3f29b2baaa6d8201fd5
461c064ff45824618545423a2ddae80d2423f66eeb189297ae13d13bfc5465e5
4a80cf926a91b78504a34a61d05f27b3acd6b76c5daf5e532a970e6cf03157af
4f4f57044cd0b10b29ffb36a590e48ab912275a5daf264cd58241b25cac03e5f
4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22
5018252aa87cf5b66ac9d11ba13c6f95cff4a07b931cf1ccc910007a78190696
51f0bacf9e49a400a5a2947ef6b14127ef3241b0760d97721e0aedd7add66456
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
531b518173a4f9ac1a1aab5ad10c610d45437166fd39adc0d8208e51dc60f8d6
536e51234b82560e9c8e674cd14234699b7970d43af513669986a155e10850b6
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566492fdc66f5b44ec285f3932a2a0894bbfca2ad8761e6b70babcd595b30d7f
58ab1702b23e34265abd5c882afc6273f160b0c0bcdb8386f207fb4f67f9fa88
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a0642d6337bac5866e43a43df548fb214d2f794dae275cd6e4a35d3b4bc334a
5a49ddb697bf0937c9ff812ed8c1e4838cc8eefc26ab9e42453dfd0bb4ff47c5
5d67155b7da66f362efdce9b348ddbfa2a9c655d0ed88dddd2c2c5ea95949fa5
5e214c13306df879d9baf6c53d645defa14b30e4db562f6fcc16b86600c28c51
6221029d1ba3de70d5ae33e82fcb378bad79ded371123608bcd8b2ac87ebc910
64f5f4d87811f0c306863e7cc632b41cef45db97f8371b4608c51aff53e5b717
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
69c0bbc5ebb6f829c0118b09256f962874a7ed4f85247af5ee24561bd69ddb4e
6a256d3ca9981bff0b64d708293ecd06e3856bda7cd47d32aaa71a8129c0f09c
6bd647825de4f7588aa090f25e832c3261a6f37d728226806618dca77ed99dad
6f7c88873d16fc6f132e8346ced23114f5dc7a3f62b1a251b4009967af5fd507
73e9fd5d1e48f63c04fc67135326a3e83eb635050aab2536c39dfa9e8989e269
74907d9980cda90b070d2f04935cea5a7d1389bde0b5c684dc41f49c6b9deb6e
754d4d06248c6667197c692bc30fac801eb0a9687138250d289727029cb13472
78d358ba019a1cd3b28a8917560a433fc03f52c2ec058a85bd00f2236cded66e
7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f
7a337ac82710a3622ec68cef21c8b4841a646d28abd36719d612af1fadf080be
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7fc114991f02a1f73ee2d18349a3dd538a1c9d60e83c399f228da673af237b1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83c6c18f8719320cbd6cd83248055a13a92e1c7866c23a347c08c92c7d1fe391
84ccd4e0f0bb5a9a08d9ac9ed997b78d2e3b5e8d9019d95bc647f4833fddee6e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a3e7f5b5fa2d9a77648c9ffb2df6fa33589b7b7b0dc259bbeea56621843a820
8ae708af464cb002c171ef2baed5583836e7dd9c66d084d88c62fe0f35ee1476
8ccbd45208b184f5dbdf57348592f6e32eb29136ae47c5d15eab1ea06b13b1df
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
97198e39097a4b8ef96fb1695a26e844384156574e2848d987c5b0e5a38a5ecd
9885e26ef4f0698995da1f834dd82ffd4ae22cfe16c1b7c9db662a26dc6fe59a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b413d13e99e505ae68b03450cb2b21a714e8d069b575715b6072d9a19def449
9b8e994477d5c48cc765e34061b44a022e8562bc80482e173f98149753240dd4
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253
aa72da1d905677af470552cdc4210e15e41f84e45b7e78b3d242512c0049085d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af92ff4576df40958f74249a9e167171305a5c842c886a2b1127bc46d727244a
b013fed92c991ef7c4c105785242a194aa3cb987b42a6af875f6fbaeb73295a7
b40cf974fa00ef7247f6990c1072e2a8a316f75160fc3d2b3c6e149e5bcd4373
b744ad945b48f9c5ccdab371c0eebe3301d3ba862a317dd5ac0c2a8588c8a571
b7be94f069d1fcdfe18b9379b65b256901666e435469ab6a63b3d6072a2151c2
c3177910cf9cba71dad1dadbe17c63932b0174c01c33d1d7279ee7317e2cb895
c4339b8a1293d7aeb9733772802f012e06a80c78e637126c94e8e264c819731c
c657791041857a648ac958f02f9486e7684e3c1c4361526b65cbeda30c762c0a
c7b9eebc784a36557686dbf3e115da48ce1f4dc81b9dc582f580ece410c5bb38
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf4c54ffc8c78d41d423befa6d5ec511b8e125470ff7deb69bc462dfbb70d780
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d96ac3de06de0a5a49356221469a414db632cd4486a405940cd839f8e23c1f83
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e2dd310aa86824e25ec3e4ebcc7509dfebf350bd819b4e3f252d1d3f2fe6f608
e3202abd8f311cc5fb4873e988b6c46309610fe1317c1aeb237fef65ff3ec1b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63cf738c3a577e286765aaa9de59ed4300f6bf8b5d34773d131afd3da456b9c
ea3936c658514ceedc75f1a29737460ae3b5857ee35ac58fa8510edf471548f2
eb38beea12a3a708c8dd789701ec714cf96cafb77c0385c20fb7b46ac1ca069a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a5371c3c00c4882b7757f3f75e2b0ea4c39a5fab1bd1dd4bd0fb799cce3195
f1afbf02ff203dd3afa888e73449b44a0ce303f21ece8ee6e8277ec354cc1d63
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
fb5175866e24b14e6c800a230af050366c0dcf144254dcdb0ceca4c10549dbe3
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
feedf94980381ccc8142637a58de03e90fc77a30810f55c91c00335e3ffe63a9

www.netwrix.com Open in urlscan Pro 18.213.173.120 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

133 Requests

98 %HTTPS

51 %IPv6

30 Domains

41 Subdomains

36 IPs

5 Countries

1139 kBTransfer

3127 kBSize

39 Cookies

31 Outgoing links

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.netwrix.com Open in urlscan Pro
18.213.173.120 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

98 %
HTTPS

51 %
IPv6

30
Domains

41
Subdomains

36
IPs

5
Countries

1139 kB
Transfer

3127 kB
Size

39
Cookies

133 HTTP transactions
0 data transactions