duo.com Open in urlscan Pro
13.32.99.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Effective URL:
https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Submission: On March 10 via api (March 10th 2022, 8:25:12 pm UTC) from BR — Scanned from DE

Summary HTTP 94 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 38 IPs in 6 countries across 32 domains to perform 94 HTTP transactions. The main IP is 13.32.99.12, located in United States and belongs to AMAZON-02, US. The main domain is duo.com. The Cisco Umbrella rank of the primary domain is 59808.
TLS certificate: Issued by Amazon on October 23rd 2021. Valid for: a year.

This is the only time duo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	13.32.99.12 13.32.99.12	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::622	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
7	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.66.112.26 18.66.112.26	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
7	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:6c0... 2a02:26f0:6c00:288::b33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700:20:... 2606:4700:20::681a:427	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:223... 2600:9000:223c:cc00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:6c00:1b:ed91:4680:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
5	184.30.24.194 184.30.24.194	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
2	34.247.238.207 34.247.238.207	16509 (AMAZON-02) (AMAZON-02)
1 4	54.155.215.129 54.155.215.129	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.194.228.85 54.194.228.85	16509 (AMAZON-02) (AMAZON-02)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	35.168.167.24 35.168.167.24	14618 (AMAZON-AES) (AMAZON-AES)
1	52.48.40.152 52.48.40.152	16509 (AMAZON-02) (AMAZON-02)
1	72.163.10.10 72.163.10.10	109 (CISCOSYSTEMS) (CISCOSYSTEMS)
2	2606:4700:10:... 2606:4700:10::6816:38f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
94	38

11 13.32.99.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-12.fra60.r.cloudfront.net

duo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba20 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-26.fra56.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:288::b33 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:427 (United States)

ASN13335 (CLOUDFLARENET, US)

jscloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:cc00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:6c00:1b:ed91:4680:93a1 (United States)

ASN16509 (AMAZON-02, US)

csxd.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.30.24.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-194.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

074-uqx-410.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.247.238.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-238-207.eu-west-1.compute.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.155.215.129 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.228.85 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-228-85.eu-west-1.compute.amazonaws.com

cisco.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.168.167.24 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-167-24.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.40.152 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-40-152.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.163.10.10 (United States)

ASN109 (CISCOSYSTEMS, US)
PTR: cisco-tags.cisco.com

cisco-tags.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:38f5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.45 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	duo.com duo.com — Cisco Umbrella Rank: 59808	624 KB
7	6sc.co j.6sc.co — Cisco Umbrella Rank: 7171 c.6sc.co — Cisco Umbrella Rank: 10646 b.6sc.co — Cisco Umbrella Rank: 5631	13 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	55 KB
6	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7764	64 KB
5	clarity.ms 1 redirects j.clarity.ms — Cisco Umbrella Rank: 1871 c.clarity.ms — Cisco Umbrella Rank: 547	24 KB
5	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 184 cisco.demdex.net — Cisco Umbrella Rank: 15587	7 KB
5	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 918	90 KB
5	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 176	1 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	418 B
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 434 www.linkedin.com — Cisco Umbrella Rank: 609 px4.ads.linkedin.com — Cisco Umbrella Rank: 5153	3 KB
4	cisco.com www.cisco.com — Cisco Umbrella Rank: 1308 smetrics.cisco.com — Cisco Umbrella Rank: 29821 cisco-tags.cisco.com — Cisco Umbrella Rank: 23466	33 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 338 c.bing.com — Cisco Umbrella Rank: 193	13 KB
4	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3673 csxd.contentsquare.net — Cisco Umbrella Rank: 12918 c.contentsquare.net — Cisco Umbrella Rank: 3531	69 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6433	627 B
3	google.com analytics.google.com — Cisco Umbrella Rank: 785 www.google.com — Cisco Umbrella Rank: 2	949 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	201 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	228 KB
2	inspectlet.com cdn.inspectlet.com — Cisco Umbrella Rank: 8056 hn.inspectlet.com — Cisco Umbrella Rank: 7957	63 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 975 beacon.krxd.net — Cisco Umbrella Rank: 375	529 B
2	jscloud.net jscloud.net — Cisco Umbrella Rank: 54111	2 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 839 pixel.quantserve.com — Cisco Umbrella Rank: 381	10 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2832	6 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 359	697 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 9929	327 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 777	678 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	355 B
1	mktoresp.com 074-uqx-410.mktoresp.com — Cisco Umbrella Rank: 175357	311 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 792	1 KB
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 30138	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 799	3 KB
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 6593	112 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 251	30 KB
94	32

	Domain	Requested by
11	duo.com	duo.com cdn.bizible.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com duo.com
6	cdn.bizible.com	www.googletagmanager.com duo.com cdn.bizible.com
5	b.6sc.co
5	tags.tiqcdn.com	www.cisco.com tags.tiqcdn.com
4	www.facebook.com	duo.com
4	dpm.demdex.net	1 redirects duo.com
3	j.clarity.ms	bat.bing.com cdn.bizible.com
3	www.google.de	duo.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	bat.bing.com	duo.com bat.bing.com
3	connect.facebook.net	duo.com connect.facebook.net
3	www.googletagmanager.com	duo.com www.googletagmanager.com tags.tiqcdn.com
2	c.clarity.ms	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	smetrics.cisco.com	tags.tiqcdn.com
2	c.contentsquare.net	duo.com
2	www.google.com	duo.com
2	px.ads.linkedin.com	2 redirects
2	jscloud.net	www.googletagmanager.com jscloud.net
2	munchkin.marketo.net	duo.com munchkin.marketo.net
1	c.bing.com	1 redirects
1	c.6sc.co	cdn.bizible.com
1	secure.adnxs.com	cdn.bizible.com
1	hn.inspectlet.com	cdn.bizible.com
1	cdn.inspectlet.com	duo.com
1	cisco-tags.cisco.com	duo.com
1	beacon.krxd.net	duo.com
1	usermatch.krxd.net	1 redirects
1	cdn.bizibly.com	duo.com
1	cms.analytics.yahoo.com	1 redirects
1	analytics.twitter.com	duo.com
1	cisco.demdex.net	tags.tiqcdn.com
1	074-uqx-410.mktoresp.com	munchkin.marketo.net
1	pixel.quantserve.com	duo.com
1	csxd.contentsquare.net	t.contentsquare.net
1	rules.quantcount.com	secure.quantserve.com
1	px4.ads.linkedin.com	duo.com
1	www.linkedin.com	1 redirects
1	analytics.google.com	www.googletagmanager.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	duo.com
1	www.cisco.com	www.googletagmanager.com
1	j.6sc.co	duo.com
1	secure.quantserve.com	duo.com
1	t.contentsquare.net	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	fast.wistia.net	duo.com
1	ajax.googleapis.com	duo.com
94	48

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
www.duosecurity.com Amazon	`2021-10-23` - `2022-11-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-24` - `2023-01-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-30` - `2022-07-05`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
t.contentsquare.net Amazon	`2021-11-13` - `2022-12-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-18` - `2022-03-18`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2022-01-16` - `2023-01-17`	a year	crt.sh
www.cisco.com HydrantID Server CA O1	`2021-11-16` - `2022-11-16`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
*.jscloud.net R3	`2022-01-21` - `2022-04-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
csxd-02.contentsquare.net Amazon	`2021-09-01` - `2022-09-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
c.contentsquare.net Amazon	`2021-09-14` - `2022-10-13`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
smetrics.cisco.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-09` - `2023-04-09`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
tagapp-prd-01.cisco.com HydrantID Server CA O1	`2021-08-04` - `2022-08-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-18` - `2022-07-17`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Frame ID: 7854253EE8C7B644C177CBEC939E2EBD
Requests: 86 HTTP requests in this frame

Frame: https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.1.1.html?pid=5637
Frame ID: 53C9D02B7B35664DE1DB1A31F03C7265
Requests: 1 HTTP requests in this frame

Frame: https://cisco.demdex.net/dest5.html?d_nsid=0
Frame ID: 6D9901A237DC1B6D20B333CD40201C15
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 640834D9D83C2222D8EC3F41620AB980
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 77A4271B0D1C2AC7E6F9567FA5BD55A4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 | Decipher

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.inspectlet\.com

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

94
Requests

93 %
HTTPS

46 %
IPv6

32
Domains

48
Subdomains

38
IPs

6
Countries

1658 kB
Transfer

5280 kB
Size

65
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/deciphersec

Search URL Search Domain Scan URL

URL: https://www.facebook.com/decipherbyduo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCszm81zKIPoF4ljkBJwmB2g/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1646943905775%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252Ftrailblazer-hunts-compromised-credentials-in-aws%252FnAWS%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true&e_ipv6=AQIi3MII2dAaTgAAAX91gaovU1a_rmYEp_RSPjtYq4FRHwp92a0HWI9gZAoT31STFD1K4NTQcVwv-NN4sozjY7GpWYoH_Q

Request Chain 46

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069

Request Chain 53

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDAxNzk1NTA3NTc3OTkzODk3MjM0Njg3NDAwMTExMTQzMTQyNTU= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDAxNzk1NTA3NTc3OTkzODk3MjM0Njg3NDAwMTExMTQzMTQyNTU=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEPwynmrzsO9Qi3YlII_gCdE&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 60

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=00179550757799389723468740011114314255&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-gqP3bvJE2pGfAsuz98bnGX44m3DHmnii9BU-~A

Request Chain 69

https://usermatch.krxd.net/um/v2?partner=adobe&id=00179550757799389723468740011114314255 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=00179550757799389723468740011114314255

Request Chain 83

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&RedC=c.clarity.ms&MXFR=0F1BC8364EB4674D1071D9554AB469A0 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&MUID=1F893492A33C6B961F3525F1A2EE6AC4

94 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request nAWS Show response
duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/ 15 KB
6 KB 380ms
336ms Document
text/html 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: cc27aec90c4224a6cc51b9ae69c23664b41cd27b28c3b6cd93d9bb6e92e8a712

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
content-length: 5490
content-encoding: gzip
date: Thu, 10 Mar 2022 20:25:05 GMT
etag: W/"601309bd-3bfa"
server: Duo/1.0
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: -93ABLZL91rBkZqLzdaRHYrAwTqT_7S2Hc1KZuLm372LpltRvWlDJQ==

GET
H2 200 production-2018.css
duo.com/site/themes/duo/css/ 514 KB
99 KB 774ms
774ms Stylesheet
text/css 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 68014e9a573560ad5a0a5d26bb939107bd1781db2ad2e02b95bb544d6673ac1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 10 Mar 2022 20:25:06 GMT
content-encoding: gzip
last-modified: Tue, 15 Feb 2022 05:05:16 GMT
server: Duo/1.0
x-amz-cf-pop: FRA60-P3
etag: W/"620b348c-809ad"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: Xvhg2wFpBUjEzBI7-kYUY7wDyXm30S5-Zie4NWfAaoR84Ag8iHlt0Q==
expires: Fri, 10 Mar 2023 20:25:06 GMT

GET
H2 200 d-logo--light.svg
duo.com/assets/img/decipher/logos/ 4 KB
2 KB 18ms
17ms Image
image/svg+xml 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/decipher/logos/d-logo--light.svg
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 694b5d6220eb8a349b60ce749052c3b923c8449bbfb4ebfb68f4fc27f1b7e92b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Wed, 02 Mar 2022 12:25:43 GMT
content-encoding: gzip
last-modified: Wed, 24 Oct 2018 13:44:56 GMT
server: Duo/1.0
age: 719961
etag: W/"5bd07758-ff2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: Y1qikn9jjljx0xcTry6bai8FaUgyK6RUx5eKMXfvXVg8qp7CatZDcw==
expires: Thu, 02 Mar 2023 12:25:43 GMT

GET
H2 200 aW1nL2RlY2lwaGVyLzQwNC5qcGc=
duo.com/img/asset/ 110 KB
111 KB 771ms
770ms Image
image/jpeg 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/img/asset/aW1nL2RlY2lwaGVyLzQwNC5qcGc=?s=44592c87564c77500512c4f4b030e366

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-12.fra60.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

849b2ac11460487810a7132803d8680307e25126ba000a30b4775ed3e78201be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 112627
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 16 Oct 2020 18:31:24 GMT
server: Duo/1.0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains;
content-type: image/jpeg
cache-control: max-age=300
x-amz-cf-id: cTAWYSy0me4qF8ekUzAmQkJfqjdPr-jq8Rb-ipQQYCXxZaAf0sx6KQ==
expires: Thu, 10 Mar 2022 20:30:06 GMT

GET
H2 200 d-logo--footer.svg
duo.com/assets/img/decipher/logos/ 3 KB
2 KB 18ms
18ms Image
image/svg+xml 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/decipher/logos/d-logo--footer.svg
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Wed, 02 Mar 2022 12:25:44 GMT
content-encoding: gzip
last-modified: Wed, 24 Oct 2018 13:44:56 GMT
server: Duo/1.0
age: 719961
etag: W/"5bd07758-b5f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: diHJ4BScpZK174PZPLLaYYEEvEd9Bn1kT6nSkjm5XPCLklcMcvJ0EQ==
expires: Thu, 02 Mar 2023 12:25:44 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.4/ 82 KB
30 KB 64ms
20ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 07:58:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 303973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29725
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Mar 2023 07:58:52 GMT

GET
H2 200 production-2018.min.js Show response
duo.com/site/themes/duo/js/build/ 760 KB
270 KB 186ms
185ms Script
application/javascript 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1611611904
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 17bc337a86f4f977a5a5e3d65c09d1c59c73c1e876c87ba5871507a5a10c3e27

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 20:30:10 GMT
server: Duo/1.0
x-amz-cf-pop: FRA60-P3
etag: W/"61a7db52-be0d5"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: WTOyyacDmgVmYCu5yiNR0UTkJB-hfMCOBuT-gxJK3Rap7xaA4I9hjQ==
expires: Fri, 10 Mar 2023 20:25:05 GMT

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 592 KB
112 KB 75ms
19ms Script
application/javascript 2a04:4e42:400::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

35722297d0d532b3a433faeb0d2b67c56ada4342007db9de6340bdd87e2dea35

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
vary: Accept-Encoding
age: 3039
x-cache: HIT, HIT
content-length: 114515
x-served-by: cache-iad-kcgs7200111-IAD, cache-hhn4036-HHN
access-control-allow-origin: *
x-browser-version: 99
last-modified: Tue, 08 Mar 2022 16:58:12 GMT
x-timer: S1646943906.592700,VS0,VE0
etag: "62278b24-1bf53"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 225

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
83 KB 99ms
52ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a9226bfab1a58226f89d4b30ba4ea06b303dc2ccad216fb39a67a8e3cf4fc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84826
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 19:59:26 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 10 Mar 2022 20:25:05 GMT

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 88 KB
35 KB 78ms
33ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-WV3KTWL

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c14fc148da3a58de3cf46b8f308b925e8726be015a24fe95d90783ddb1ccd71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35291
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 19:59:26 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 10 Mar 2022 20:25:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
62 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f227ba16c249437a828ecbf0eea618382bf23394fff935fef3734a2ea6b0ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62920
x-xss-protection: 0
expires: Thu, 10 Mar 2022 20:25:05 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 80ms
19ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: cbda94666db24554bf77638fc059848d381c3c98f7f24641fa830abcd5793de7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 11:03:52 GMT
server: ECS (frb/67D4)
age: 73214
etag: "91271032dc32d81:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32300

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 59ms
17ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1213
date: Thu, 10 Mar 2022 20:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 10 Mar 2022 22:04:52 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 73ms
20ms Script
application/x-javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Mar 2022 20:16:02 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=77339
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3073

GET
H2 200 ebdaa317731b0.js Show response
t.contentsquare.net/uxa/ 317 KB
67 KB 72ms
22ms Script
application/javascript 18.66.112.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-26.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b290703d7b909d2b1beda2dd81c68d0ddc5e5708dfc46913d0effefe2b62afea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 10 Mar 2022 14:59:14 GMT
content-encoding: gzip
last-modified: Thu, 10 Mar 2022 14:58:38 GMT
server: AmazonS3
age: 19552
etag: "a73ad19e81ca7b442aabfb9524159d36"
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
via: 1.1 98652de9f742fc1df9de714d921e14c2.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 68459
x-amz-cf-id: eCZEZoUzXp8cnjeVLLbITTUK-zaS3kWCcvogitPI_qK8F9Sn0WSiIQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 73ms
24ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f2649db29712c0b6bb0702c7c4b1187b10ec39f238ddee4f17a614fa64ce31f3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26291
x-xss-protection: 0
pragma: public
x-fb-debug: CUDXvD3GW807b42WpL+DSVRj8PS8QNFuPPELE74dN6RR73H60lN4CKV26tRlGun1dgXdyyYq4yGh6lPAMvhWpg==
x-fb-trip-id: 1709462857
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 10 Mar 2022 20:25:05 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin-beta.js Show response
munchkin.marketo.net/ 1 KB
1 KB 106ms
50ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin-beta.js
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: aaddb9b9a1d45c5de508e64c3dace01f450e4a7521229e99f03838f5067cc8f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Oct 2021 01:04:09 GMT
Server: AkamaiNetStorage
ETag: "d2b1913e6438b06d03258094a8c365f8:1633050249.484514"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 203ms
163ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96FDCABBBF0A40F0970385020179BF8E Ref B: FRAEDGE1319 Ref C: 2022-03-10T20:25:05Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11333

GET
H2 200 aquant.js Show response
secure.quantserve.com/ 24 KB
10 KB 81ms
22ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
etag: "yoD6mq4JTyPdtDBolW+GUg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 17 Mar 2022 20:25:05 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 69ms
18ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 10 Mar 2022 20:25:05 GMT

GET
H2 200 ctm.js Show response
www.cisco.com/c/dam/cdc/t/ 131 KB
31 KB 140ms
31ms Script
application/x-javascript 2a02:26f0:6c00:288::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:6c00:288::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

5d5df010cd05595e4e6c8b1cd3d5f9789bed6bfdaf2ccd127a41793d90079621

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com cisco.techdatavendors.be;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
content-length: 30408
x-xss-protection: 1; mode=block
pragma: no-cache
cdchost: wemxweb-publish-prod2-04
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
server: Apache
x-frame-options: SAMEORIGIN
etag: "20b26-5d9561c0d4983-gzip"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com cisco.techdatavendors.be;
accept-ranges: bytes
expires: Thu, 10 Mar 2022 20:25:05 GMT

GET
H/1.1 200
OK lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
6 KB 125ms
20ms Script
application/x-javascript 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

da5d487f1fe8c4f5bba93bab0b071aed1249cf770ffdbc0144a86a4c2bae3c2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:05 GMT
Connection: Keep-Alive
Last-Modified: Fri, 10 Dec 2021 19:19:18 GMT
x-amz-request-id: tx00000000000001df9503f-0062226665-22abac8d-sfo2a
etag: "b407e44b8c40c183ae2c50df3bbcf151"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1646943905.dop238.fr8.t,1646943905.cds241.fr8.shn,1646943905.dop238.fr8.t,1646943905.cds222.fr8.c
Content-Type: application/x-javascript
Cache-Control: max-age=82500
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 5673

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 18ms
17ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: cbda94666db24554bf77638fc059848d381c3c98f7f24641fa830abcd5793de7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 11:03:52 GMT
server: ECS (frb/67D4)
age: 73214
etag: "91271032dc32d81:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32300

GET
H2 200 inlinks.js Show response
jscloud.net/x/12296/ 943 B
1019 B 103ms
42ms Script
application/javascript 2606:4700:20::681a:427
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jscloud.net/x/12296/inlinks.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:427 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96c5bfab045aceeb52ae2daa17605f436dd4ab9be43bbc87ac3debdbc9768ffb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 15 Jul 2021 06:33:19 GMT
server: cloudflare
age: 4431
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xuKiOmHQknAakZWiSwwdkDf7U3ZDJ9RpX4G1dDEGseEhihN5p7CykPs3pE3k9wtTrvrnA4%2B5ssVhwJ%2Bv7U7%2BlKsKAv%2BfWD4h51c0xkjV5ZkI7pWHmY5%2Fb%2BFnsmUv0k4q9td%2BiHKgWfWU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e9ec7138ff191db-FRA

POST
H2 204 collect
analytics.google.com/g/ 0
341 B 70ms
24ms Ping
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-95Z7P6PE75&gtm=2oe370&_p=156721766&sr=1600x1200&_gaz=1&ul=en-us&cid=837622259.1646943906&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&dt=404%20%7C%20Decipher&sid=1646943905&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 79ms
27ms Ping
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-95Z7P6PE75&cid=837622259.1646943906&gtm=2oe370&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 89ms
45ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-95Z7P6PE75&cid=837622259.1646943906&gtm=2oe370&aip=1&z=1364016595

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1646943905775%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true&e_ipv6=AQIi3MI...

0
264 B

244ms
201ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true&e_ipv6=AQIi3MII2dAaTgAAAX91gaovU1a_rmYEp_RSPjtYq4FRHwp92a0HWI9gZAoT31STFD1K4NTQcVwv-NN4sozjY7GpWYoH_Q
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B618537F16E34BE0A6E0534D6BEEB363 Ref B: FRAEDGE0907 Ref C: 2022-03-10T20:25:06Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXZ4wKEQYrljuBv5bkYFA==
x-li-fabric: prod-lor1

Redirect headers

date: Thu, 10 Mar 2022 20:25:05 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B3AEA645AE6242538C8FE16DC4C4F904 Ref B: FRAEDGE1219 Ref C: 2022-03-10T20:25:06Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1646943905775&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&liSync=true&e_ipv6=AQIi3MII2dAaTgAAAX91gaovU1a_rmYEp_RSPjtYq4FRHwp92a0HWI9gZAoT31STFD1K4NTQcVwv-NN4sozjY7GpWYoH_Q
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXZ4wKAg8Hxj+jHwozzFA==

GET
H3 200 216127175396154 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 190ms
163ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/216127175396154?v=2.9.55&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

40cfbaf0e88b1ade1b28de2154c7ae9bf74aa4ccb30c635cdc0b82cf4383e896

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: EZULq6uDsoYcStgfKDQNzMNoc2oxhAfP/Qh3ZKPkOsIvVuyA0mRiY5FJgRLBUQnY0esTt/3IzfHblZhG+/fB+g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 10 Mar 2022 20:25:05 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 rules-p-4CduNLZtPCAtp.js Show response
rules.quantcount.com/ 2 KB
1 KB 64ms
24ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4CduNLZtPCAtp.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d48d4cabc9c195baa08e42be70679688d706970ddd862bd91b857109d2a8874

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
age: 1288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Wed, 03 Feb 2021 00:36:24 GMT
server: AmazonS3
etag: W/"7d60bb0c5a7bdaca5a9466f9ef246056"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: wy2WcGAZ49A3sbVzUCpWuBs7Rbe6OaHa6yiqVEyqItZoqb9oUZNKEQ==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 52ms
25ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=156721766&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&ul=en-us&de=UTF-8&dt=404%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABQAAAAC~&jid=1396108544&gjid=1204781200&cid=837622259.1646943906&tid=UA-20141016-1&_gid=1357511998.1646943906&_r=1&gtm=2wg370MFPB9D&z=514785724

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
436 B 33ms
26ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1708767450&gjid=1956791818&_gid=1357511998.1646943906&_u=aCDAgAABQAAAAG~&z=235370303

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Mar 2022 20:25:05 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 40ms
19ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=156721766&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&ul=en-us&de=UTF-8&dt=404%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgAABQAAAAC~&jid=1708767450&gjid=1956791818&cid=837622259.1646943906&tid=UA-20141016-1&_gid=1357511998.1646943906&gtm=2wg370MFPB9D&cg3=Decipher%20Traffic%20Only&z=951989814

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:16:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22134
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 xdframe-single-domain-1.1.1.html Show response
csxd.contentsquare.net/uxa/ Frame 53C9 2 KB
1 KB 108ms
22ms Document
text/html 2600:9000:2250:6c00:1b:ed91:4680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.1.1.html?pid=5637
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:6c00:1b:ed91:4680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1a9abb0dc96d5a0fcc121a6de3a2c29c193a91d2f68939080e111b54d01d9e8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/

Response headers

content-type: text/html
date: Mon, 07 Mar 2022 15:41:02 GMT
last-modified: Mon, 07 Mar 2022 15:32:43 GMT
etag: W/"fbd0a9f9a63a143cf028aca21682b386"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 109c7a7f1cf897851e09b16d3030a948.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: qIAzd834AaUajCX6hilZa2IhI92Gk0Oy_-emWsJdPNQpa9FtQsgkNw==
age: 276244

GET
BLOB 200
OK ac2acaa1-3632-45f1-981f-f85ee1a37601
https://duo.com/ 6 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://duo.com/ac2acaa1-3632-45f1-981f-f85ee1a37601
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b431277c07496a54bd0224b23428ed890e7323037ab3c5460fb051b4f65e78e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 6483
Content-Type: application/javascript

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 53ms
26ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1396108544&gjid=1204781200&_gid=1357511998.1646943906&_u=aADAAAAAQAAAAC~&z=482217744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Mar 2022 20:25:05 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 91ms
43ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1708767450&_u=aCDAgAABQAAAAG~&z=1616762165

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 73ms
45ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1708767450&_u=aCDAgAABQAAAAG~&z=1616762165

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 35ms
35ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin-beta.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Sat, 18 Jun 2022 20:25:05 GMT

GET
H2 200 pixel;r=2069844608;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS;uht=2;fpan=1;fpa=P0-1483127806-1646...
pixel.quantserve.com/ 35 B
370 B 28ms
23ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2069844608;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS;uht=2;fpan=1;fpa=P0-1483127806-1646943905893;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=duo.com;je=0;sr=1600x1200x24;dst=0;et=1646943905893;tzo=0;ogl=site_name.Decipher%2Ctype.website%2Curl.https%3A%2F%2Fduo%252Ecom%2Fdecipher%2Cdescription.Security%20without%20fear%252E%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark%252E%20Decipher%E2%80%99s%20goal%20is%20to%20br%2Cimage.%2Fassets%2Fimg%2Fseo-images%2Fmeta-decipher-default%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.630

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 4006052.js Show response
bat.bing.com/p/action/ 776 B
807 B 246ms
246ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/4006052.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ac4d9afc41254874b201159e9fd841bc0252549a851ca7a24db49e887feefd37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8FFEFE0FBB046CE80F496E6DB567022 Ref B: FRAEDGE1319 Ref C: 2022-03-10T20:25:05Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 643

GET
H2 200 httpsduocomdeciphertrailblazerhuntscompromisedcredentialsinawsnAWS.json Show response
jscloud.net/x/13009/ 26 B
557 B 187ms
139ms XHR
application/json 2606:4700:20::681a:427
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jscloud.net/x/13009/httpsduocomdeciphertrailblazerhuntscompromisedcredentialsinawsnAWS.json
Requested by: Host: jscloud.net
URL: https://jscloud.net/x/12296/inlinks.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:427 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a998ab5472475c3418c7977b6214c566aad928094dceb86d2e9f53bdbdd26c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 16 Jan 2020 10:42:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbfaxR%2Fx2OuTQpMLOez9tz8D7FdkFS4hp86RbzZCxPWQMgoazpoNCP8CcVhmlrgqrrGtkh6Dtf1pLlMbdzhJKM3XN13vxN%2FHET5243OjeeRBh%2BNRwLdEyQqQPIdP5XiBF7FRCgeg%2BYBB"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6e9ec71469fc9128-FRA
content-length: 26

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 207 KB
56 KB 69ms
31ms Script
application/x-javascript 184.30.24.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Requested by: Host: www.cisco.com
URL: https://www.cisco.com/c/dam/cdc/t/ctm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ff5807a04917b6e4e110dc61660510cd57bcec18f20bd968b8360f27e017bc7b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
content-encoding: gzip
last-modified: Thu, 17 Feb 2022 16:21:00 GMT
server: AkamaiNetStorage
etag: "612666af8c3d805520fb664784780624:1645114860.434451"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Thu, 10 Mar 2022 20:30:06 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 52ms
51ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1396108544&_u=aADAAAAAQAAAAC~&z=338381215

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-20141016-1&cid=837622259.1646943906&jid=1396108544&_u=aADAAAAAQAAAAC~&z=338381215

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
074-uqx-410.mktoresp.com/webevents/ 2 B
311 B 765ms
166ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://074-uqx-410.mktoresp.com/webevents/visitWebPage?_mchNc=1646943905960&_mchCn=&_mchId=074-UQX-410&_mchTk=_mch-duo.com-1646943905960-42960&_mchHo=duo.com&_mchPo=&_mchRu=%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:06 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: c18d9b42-f639-42e7-bbdc-06c643840744

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 133ms
38ms Image
text/plain 34.247.238.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=5637&uu=c1aa19ef-4864-adae-dc64-7a053dc78692&sn=1&lv=1646943906&lhd=1646943906&hd=1646943906&pn=1&dw=1600&dh=3173&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&uc=1&la=en-US&v=11.10.1&r=195423
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.238.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-238-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:06 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069

973 B
1 KB

48ms
48ms

XHR
application/json

54.155.215.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Server

54.155.215.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1eda00ed40961e8543be84114fb6039dc838f6c077da65521c67e11e8f9c71bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v029-0b9a15b5a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: xt/DcMe2TFA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://duo.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 530
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v029-096df5bfa.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://duo.com
X-TID: QsqSVX4YTYA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1646943906069
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 120108061684670 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 153ms
153ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/120108061684670?v=2.9.55&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c6ee633e85ccc83384a1df0183f622bc7cfc020570e520112b17e4555365c3ac

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: CwYtXnfXXzJ8t+oe7YH753Xm3IZELYsTiBrb4z+N79N1AV2QCilMW1wuhCN7geqpbEutEVmX15PgeX4rDmMXPA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 10 Mar 2022 20:25:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 73ms
24ms Image
image/gif 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&rl=&if=false&ts=1646943906084&sw=1600&sh=1200&v=2.9.55&r=stable&ec=0&o=30&fbp=fb.1.1646943906083.1743099928&it=1646943905797&coo=false&exp=p0&rqm=GET

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 10 Mar 2022 20:25:06 GMT

GET
H2 200 clarity.js Show response
j.clarity.ms/s/0.6.32/ 53 KB
23 KB 323ms
105ms Script
application/javascript 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/4006052.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:05 GMT
content-encoding: br
etag: "1d8314040aa9e90"
last-modified: Sun, 06 Mar 2022 09:55:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK dest5.html Show response
cisco.demdex.net/ Frame 6D99 7 KB
3 KB 167ms
40ms Document
text/html 54.194.228.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cisco.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.228.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-228-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 10 Mar 2022 20:25:06 GMT
DCS: dcs-prod-irl1-2-v029-076884f11.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 4 Mar 2022 17:57:15 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: yztSKkhASRw=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
smetrics.cisco.com/ 48 B
500 B 201ms
27ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.cisco.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&mid=07020888306619072294153137653115462542&ts=1646943906286

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

bc1aed44c70061d4c90dd41d0d262e18f82a5331c388bf8a66cd3f1e0b329e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7f6b754cd4-k2bj8
vary: Origin
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 51ms
24ms Image
image/gif 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=120108061684670&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&rl=&if=false&ts=1646943906292&sw=1600&sh=1200&v=2.9.55&r=stable&ec=0&o=30&fbp=fb.1.1646943906083.1743099928&it=1646943905797&coo=false&exp=p0&rqm=GET

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 10 Mar 2022 20:25:06 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEPwynmrzsO9Qi3YlII_gCdE&google_cver=1
dpm.demdex.net/ Frame 6D99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDAxNzk1NTA3NTc3OTkzODk3MjM0Njg3NDAwMTExMTQzMTQyNTU=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDAxNzk1NTA3NTc3OTkzODk3MjM0Njg3NDAwMTExMTQzMTQyNTU=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEPwynmrzsO9Qi3YlII_gCdE&google_cver=1?gdpr=0&gdpr_consent=

42 B
943 B

45ms
45ms

Image
image/gif

54.155.215.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEPwynmrzsO9Qi3YlII_gCdE&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Server

54.155.215.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v029-0c5ad84d5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: SWyFmNyhQgM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEPwynmrzsO9Qi3YlII_gCdE&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 6D99 43 B
355 B 170ms
132ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=00179550757799389723468740011114314255&p_id=38594

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 115
date: Thu, 10 Mar 2022 20:25:06 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 709895cd280d3ace70e6415b505664ba9b21f47722b08fcbeee5dad1e99b415f
content-length: 43

GET
H2 200 din1451alt_g-webfont.woff2
duo.com/site/themes/duo/fonts/din1451alt/ 22 KB
23 KB 480ms
479ms Font
application/octet-stream 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/site/themes/duo/fonts/din1451alt/din1451alt_g-webfont.woff2

Requested by

Host: duo.com
URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-12.fra60.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904
Origin: https://duo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P3
x-cache: RefreshHit from cloudfront
date: Thu, 10 Mar 2022 20:25:07 GMT
content-length: 22668
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 24 Oct 2018 13:45:04 GMT
server: Duo/1.0
etag: "5bd07760-588c"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: mc-luLUVS7naVnPSye64L5S9ziEqecVv9MiBSSxNwjYNuLwWqj7XtA==
expires: Thu, 10 Mar 2022 20:30:07 GMT

GET
H2 200 din1451alt-webfont.woff2
duo.com/site/themes/duo/fonts/din1451alt/ 17 KB
18 KB 475ms
475ms Font
application/octet-stream 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/site/themes/duo/fonts/din1451alt/din1451alt-webfont.woff2

Requested by

Host: duo.com
URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-12.fra60.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904
Origin: https://duo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P3
x-cache: RefreshHit from cloudfront
date: Thu, 10 Mar 2022 20:25:07 GMT
content-length: 17424
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 24 Oct 2018 13:45:04 GMT
server: Duo/1.0
etag: "5bd07760-4410"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: e3hLx6HC0FG9rrfDiwPCnVtRRhgSiFoP_op7bBwpW5mOKTowKKzubw==
expires: Thu, 10 Mar 2022 20:30:07 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6408 0
15 B 25ms
25ms Document
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://duo.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0
date: Thu, 10 Mar 2022 20:25:06 GMT

GET
H2 200 multi-squares-2.svg
duo.com/assets/img/decipher/svg/ 1 KB
973 B 31ms
31ms Image
image/svg+xml 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/decipher/svg/multi-squares-2.svg
Requested by: Host: duo.com
URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 4adefd63c0816744b24f5f7c63c2ab245eb000b310fe05fb998cfccb98bad0cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/site/themes/duo/css/production-2018.css?v=1611611904
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Wed, 02 Mar 2022 20:27:17 GMT
content-encoding: gzip
last-modified: Wed, 24 Oct 2018 13:44:56 GMT
server: Duo/1.0
age: 691069
etag: W/"5bd07758-5d4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: 3ga9dYD8qG94C2Pheh3pWhX48Qte1LrgD1E7rf9UE9lxd0-lE2RTdw==
expires: Thu, 02 Mar 2023 20:27:17 GMT

GET
H2 200 icon-sprite.20210716.svg Show response
duo.com/site/themes/duo/fonts/ 243 KB
82 KB 19ms
19ms XHR
image/svg+xml 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/fonts/icon-sprite.20210716.svg
Requested by: Host: duo.com
URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1611611904
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 52bebb3587e40b87de4c9b43417ff90a3dff499b24ce969f09a06990990f3921

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Tue, 01 Mar 2022 22:11:40 GMT
content-encoding: gzip
last-modified: Fri, 16 Jul 2021 21:25:09 GMT
server: Duo/1.0
age: 771205
etag: W/"60f1f935-3caee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: ZFPH13hOaEQfymrjfiGvUeQPJSm0joTqiX_Sf9WDCGixfA-RfkHtHg==
expires: Wed, 01 Mar 2023 22:11:40 GMT

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 6D99
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=00179550757799389723468740011114314255&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-gqP3bvJE2pGfAsuz98bnGX44m3DHmnii9BU-~A

42 B
943 B

44ms
44ms

Image
image/gif

54.155.215.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-gqP3bvJE2pGfAsuz98bnGX44m3DHmnii9BU-~A

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Server

54.155.215.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v029-082628e4f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: EatbHJXaQu8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Thu, 10 Mar 2022 20:25:06 GMT
via: http/1.1 spdc0104.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-gqP3bvJE2pGfAsuz98bnGX44m3DHmnii9BU-~A
content-length: 0

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
202 B 20ms
20ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=00948ab70fcd40b7d606ba8337e8a3b0&_biz_s=1fd27&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&_biz_t=1646943905789&_biz_i=%20404%20%7C%20Decipher&_biz_n=0&a=duo.com&rnd=883114&cdn_o=a&_biz_z=1646943906907
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:06 GMT
last-modified: Thu, 10 Mar 2022 01:07:00 GMT
server: ECS (frb/6739)
age: 69486
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
327 B 20ms
19ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=00948ab70fcd40b7d606ba8337e8a3b0&_biz_s=1fd27&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&_biz_t=1646943906911&_biz_i=%20404%20%7C%20Decipher&a=duo.com&rnd=642973&cdn_o=a&_biz_z=1646943906911
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:06 GMT
last-modified: Thu, 03 Mar 2022 23:57:36 GMT
server: ECS (frb/67C2)
age: 592050
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 utag.5.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 71 KB
25 KB 25ms
24ms Script
application/x-javascript 184.30.24.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202202171620
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3af7c05eb5a2423969186314c2df01462f89bcbb46d1d2c81c5a782b2ceee981

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 17:08:17 GMT
server: AkamaiNetStorage
etag: "fa54c443961e65143efa7a7d0cea34f0:1634231297.33339"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 25619
expires: Fri, 25 Mar 2022 20:25:06 GMT

GET
H2 200 utag.3.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 21 KB
7 KB 22ms
22ms Script
application/x-javascript 184.30.24.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.3.js?utv=ut4.46.202202171620
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b5ecef87ef7289c4b546da05e7c0726e9fb557486ac91706fc477c7a617629a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
content-encoding: gzip
last-modified: Fri, 16 Jul 2021 15:31:27 GMT
server: AkamaiNetStorage
etag: "a84da8128747ee3521fe1899eeb11559:1626449487.562285"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 7015
expires: Fri, 25 Mar 2022 20:25:06 GMT

GET
H2 200 utag.28.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 2 KB
1 KB 20ms
20ms Script
application/x-javascript 184.30.24.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.28.js?utv=ut4.46.202106171628
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c72062a60866c674a25f2a5b5d8344e9509c7381a6472f2a484325ac14597ee8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
content-encoding: gzip
last-modified: Thu, 17 Jun 2021 16:28:49 GMT
server: AkamaiNetStorage
etag: "097dc543fb3caec1bac670f2bd520652:1623947329.572906"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 999
expires: Fri, 25 Mar 2022 20:25:06 GMT

GET
H2 404 data.json Show response
duo.com/site/themes/duo/json-bodymovin/d-logo-light/ 48 KB
12 KB 178ms
177ms XHR
text/html 13.32.99.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/json-bodymovin/d-logo-light/data.json
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-12.fra60.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 8f8e2f04bc1eea3a4e183f2fdaec7969f9ef3ebe7cfcc4285f1d352937cd2a0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:07 GMT
content-encoding: gzip
server: Duo/1.0
x-amz-cf-pop: FRA60-P3
etag: W/"61255104-bf39"
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: text/html; charset=utf-8
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
content-length: 11938
x-amz-cf-id: HfJYHhYXjQKahdMQ74hN38UqljDvd5nugEMFYtU6trnXOHxmoMdnyg==

GET
H2 204 0
bat.bing.com/action/ 0
160 B 41ms
41ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4006052&Ver=2&mid=1db0f8f4-8825-4801-ae93-154b3cd44eb7&sid=2ceb8560a0b011ecaca29f1771982d5d&vid=2ceb9ee0a0b011ec83532da21eb8e554&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=404%20%7C%20Decipher&p=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&r=&lt=1849&evt=pageLoad&msclkid=N&sv=1&rn=316154
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4EA6DB60BCB54A878CA4BA0293F0BD34 Ref B: FRAEDGE1319 Ref C: 2022-03-10T20:25:07Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
87 B 208ms
208ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://duo.com
date: Thu, 10 Mar 2022 20:25:06 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 6D99
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=00179550757799389723468740011114314255
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=00179550757799389723468740011114314255

0
338 B

117ms
36ms

Image
text/plain

52.48.40.152
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=00179550757799389723468740011114314255
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Server: 52.48.40.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-40-152.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:07 GMT
cache-control: private, no-cache, no-store
x-request-time: D=27 t=1646943907
x-served-by: beacon-n017-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=00179550757799389723468740011114314255
date: Thu, 10 Mar 2022 20:25:07 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a006-ash-prod.krxd.net

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 77A4 0
15 B 26ms
26ms Document
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://duo.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0
date: Thu, 10 Mar 2022 20:25:07 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
419 B 183ms
183ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=00948ab70fcd40b7d606ba8337e8a3b0&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.02.16&a=duo.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 648587c98ee99d713efdad5384946fd579044d3b9201516d237f67f008b34f6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:06 GMT
cache-control: private, must-revalidate, max-age=21600
server: ECS (frb/6711)
content-type: text/javascript; charset=utf-8
etag: 371429CB
content-length: 116
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 u
cdn.bizible.com/m/ 43 B
144 B 23ms
22ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A074-UQX-410%26token%3A_mch-duo.com-1646943905960-42960&_biz_u=00948ab70fcd40b7d606ba8337e8a3b0&_biz_s=1fd27&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&_biz_t=1646943906912&_biz_i=%20404%20%7C%20Decipher&_biz_n=1&a=duo.com&rnd=825207&cdn_o=a&_biz_z=1646943907133
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6776) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:07 GMT
last-modified: Thu, 03 Mar 2022 23:59:28 GMT
server: ECS (frb/6776)
age: 591940
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizible.com/m/ 43 B
85 B 27ms
26ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=ecid&mapValue=B8D07FF4520E94C10A490D4C%40AdobeOrg_07020888306619072294153137653115462542&_biz_u=00948ab70fcd40b7d606ba8337e8a3b0&_biz_s=1fd27&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&_biz_t=1646943906913&_biz_i=%20404%20%7C%20Decipher&_biz_n=2&a=duo.com&rnd=282909&cdn_o=a&_biz_z=1646943907133
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6776) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:07 GMT
last-modified: Thu, 03 Mar 2022 23:59:28 GMT
server: ECS (frb/6776)
age: 591940
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 38ms
38ms Image
text/plain 34.247.238.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=11.10.1&pid=5637&uu=c1aa19ef-4864-adae-dc64-7a053dc78692&sn=1&pn=1&dv=N4IgxgzgsghgLmAFgSwHYHMDSBTAniALhAAYA6AdgBZLyBGAVgDYAmZmgTnsvoH1bHKjdpQDM7YnUoAOEAF8gA%3D%3D&r=545548
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.238.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-238-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:07 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
83 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d892eb15160967ea0a162186af87b2b8be11ceab5dc3db6f87a77f0fb6d072d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84831
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 10 Mar 2022 20:25:07 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 16ms
16ms Script
application/x-javascript 184.30.24.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cisco/duo/202202171620&cb=1646943907163
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 20:25:07 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Thu, 10 Mar 2022 20:35:07 GMT

GET
H/1.1 200
OK ntpagetag.gif
cisco-tags.cisco.com/tag/ 85 B
598 B 645ms
128ms Image
image/gif 72.163.10.10
CISCOSYSTEMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cisco-tags.cisco.com/tag/ntpagetag.gif?js=1&ts=1646943907161.581&lc=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&rs=1600x1200&cd=24&ln=en&tz=GMT&jv=0&utag_main_v_id=017f7581a901002b4c1b041a076003072004e06a00b08&meta.viewport=width%3Ddevice-width%2C%20initial-scale%3D1.0%2C%20user-scalable%3Dyes&title=404%20%7C%20decipher&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&tag=ut4.46.202202171620&entitlement=undefined&locale=en-us&meta.country=us&meta.locale=us&breakpoint=unavailable&content_type=no%20contenttype&linktrack=linkpage&loc=http%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&cookie_length=1000&meta.iapath=no%20iapath&hier1=no%20iapath&meta.wm_reporting_category=no%20iapath&sa_source=meta.iapath&t_profile=cisco.duo&t_load=ctm&suite=cisco-complete&returnVisit=false&cookies=true&localstorage=true&dnt=false&_ga=GA1.2.837622259.1646943906&conversion=event1&adobeVersions=AppMeasurement%3D2.12.0%2CVisitorJS%3D4.1.0%2CMbox%3Dna&meta.msapplication-tilecolor=%23000000&meta.msapplication-config=%2Fassets%2Fimg%2Fdecipher%2Ffavicons%2Fbrowserconfig.xml&meta.theme-color=%23ffffff&meta.robots=index%2Cfollow%2Carchive&meta.fb:app_id=2090208394329663&meta.og:site_name=decipher&meta.og:type=website&meta.og:url=https%3A%2F%2Fduo.com%2Fdecipher&meta.twitter:card=summary_large_image&meta.twitter:site=%40deciphersec&meta.twitter:creator=%40deciphersec&meta.description=security%20without%20fear.%20the%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.&meta.og:description=security%20without%20fear.%20the%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.&meta.twitter:description=security%20without%20fear.%20the%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.&meta.twitter:image=%2Fassets%2Fimg%2Fseo-images%2Fmeta-decipher-default.jpg&meta.og:image=%2Fassets%2Fimg%2Fseo-images%2Fmeta-decipher-default.jpg&meta.og:image:width=1200&meta.og:image:height=630&meta.bitly-verification=040b99f315c6&meta.google-site-verification=svd8ahbyylsc2wljqdzwij1d2tnu8-u3fbldciehxdu&meta.twitter:widgets:csp=on&ets=1646943907163.68

Requested by

Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

72.163.10.10 , United States, ASN109 (CISCOSYSTEMS, US),

Reverse DNS

cisco-tags.cisco.com

Software

Apache/2.2 /

Resource Hash

b96b64444f7d52c39b5716fe4d3e8d0433c67fb79731a4400188835d97b74bce

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:07 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 12 Jun 2009 13:18:26 GMT
Server: Apache/2.2
ETag: "55"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Security-Policy: script-src 'self'; object-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=1000
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H2 200 s4568389293362 Show response
smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/ 927 B
1 KB 56ms
56ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/s4568389293362?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=10%2F2%2F2022%2020%3A25%3A7%204%200&d.&nsid=0&jsonv=1&.d&sdid=7E7C47F423349C2A-58DC27EC4A6B3687&mid=07020888306619072294153137653115462542&aamlh=6&ce=UTF-8&ns=cisco&pageName=duo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2Fnaws&g=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&cc=USD&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=404%20%7C%20decipher&h1=duo.com%3Adecipher%3Atrailblazer-hunts-compromised-credentials-in-aws%3Anaws&c2=undefined%3Ano%20iapath%3Anaws&c3=duo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2Fnaws&h3=no%20iapath&c10=12%3A25%20PM%7CThursday&v10=12%3A25%20PM%7CThursday&v25=duo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2Fnaws&v26=no%20contenttype&c28=no%20iapath&v28=no%20iapath&c33=en-us&v33=en-us&c41=duo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2Fnaws&c46=ut4.46.202202171620&v48=undefined&c50=cisco-complete&c51=unavailable&c53=no%20contenttype&c59=017f7581a901002b4c1b041a076003072004e06a00b08&v63=unavailable&v77=AppMeasurement%3D2.12.0%2CVisitorJS%3D4.1.0%2CMbox%3Dna&v78=dnt%3Dfalse%2Ccookies%3Dtrue%2Clocalstorage%3Dtrue&v92=0.744715622479545_1646943907148&v98=cisco.duo&v106=07020888306619072294153137653115462542&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&AQE=1

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202202171620

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

56bc314c97182f1a4db111746831ec4ab6b5efeddced5484e777f05899b0794e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-aam-tid: bQq4yIfDS7s=
date: Thu, 10 Mar 2022 20:25:07 GMT
x-content-type-options: nosniff
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
vary: *
content-length: 927
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v029-0d59995ac.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Fri, 11 Mar 2022 20:25:07 GMT
server: jag
xserver: anedge-7f6b754cd4-wkzv9
etag: 3536785110268870656-4619378340947353047
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 09 Mar 2022 20:25:07 GMT

GET
H2 200 inspectlet.js Show response
cdn.inspectlet.com/ 188 KB
62 KB 92ms
33ms Script
text/javascript 2606:4700:10::6816:38f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js
Requested by: Host: duo.com
URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 6e9ec71d5ef19165-FRA
date: Thu, 10 Mar 2022 20:25:07 GMT
via: 1.1 vegur
cf-cache-status: HIT
last-modified: Thu, 10 Mar 2022 20:24:17 GMT
server: cloudflare
age: 50
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: s-maxage=60, max-age=14400
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 679911470 Show response
hn.inspectlet.com/ginit/ 26 B
284 B 528ms
511ms XHR
application/json 2606:4700:10::6816:38f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/679911470
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 10 Mar 2022 20:25:07 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26
server: cloudflare
etag: W/"1a-SbP85p8orEJpLUh6vRJ6Iw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://duo.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 6e9ec71dd8a89165-FRA
access-control-allow-headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
697 B 52ms
16ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Mar 2022 20:25:07 GMT
X-Proxy-Origin: 217.114.215.131; 217.114.215.131; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4631a71a-6666-4ca3-bed5-cc2a87eaa901
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://duo.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
363 B 120ms
18ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d29e0f8f4c066f993407e207c64a3ca20783c4f31ecc3ff427782c60ef617a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:07 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://duo.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&RedC=c.clarity.ms&MXFR=0F1BC8364EB4674D1071D9554AB469A0
https://c.clarity.ms/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&MUID=1F893492A33C6B961F3525F1A2EE6AC4

42 B
369 B

36ms
35ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&MUID=1F893492A33C6B961F3525F1A2EE6AC4
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:07 GMT
last-modified: Mon, 28 Feb 2022 22:29:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7c5ed6a6f22cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 20:25:07 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F5BF4C307C2542CDBB0B6AF600CDAD76 Ref B: FRAEDGE1319 Ref C: 2022-03-10T20:25:07Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=3D0E4E82DD614F28BB8B0E0ECABDE65A&MUID=1F893492A33C6B961F3525F1A2EE6AC4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=156721766&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&ul=en-us&de=UTF-8&dt=404%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=undefined&_u=aDDAAAABQAAAAG~&jid=&gjid=&cid=837622259.1646943906&tid=UA-20141016-1&_gid=1357511998.1646943906&gtm=2wg370MFPB9D&cd2=837622259.1646943906&z=476841891

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:16:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22136
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=156721766&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&ul=en-us&de=UTF-8&dt=404%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=CRI%20-%20Scroll%20Tracking&ea=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&el=50%25&_u=aDDAAEABQAAAAG~&jid=&gjid=&cid=837622259.1646943906&tid=UA-20141016-1&_gid=1357511998.1646943906&gtm=2wg370MFPB9D&z=499079516

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:16:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22136
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 19ms
19ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=156721766&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&ul=en-us&de=UTF-8&dt=404%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=CRI%20-%20Scroll%20Tracking&ea=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&el=75%25&_u=aDDAAEABQAAAAG~&jid=&gjid=&cid=837622259.1646943906&tid=UA-20141016-1&_gid=1357511998.1646943906&gtm=2wg370MFPB9D&z=555048956

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:16:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22136
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 240ms
189ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=null&session=c361724a-9684-42d4-87a9-560394a7f897&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A05%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Security%20without%20fear.%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20Decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%20404%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&pageViewId=c10679e9-ead1-430b-8a8c-a0db7335febb&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:08 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 107ms
106ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://duo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://duo.com
date: Thu, 10 Mar 2022 20:25:07 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 201ms
200ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=36bb1002ae500000a15e2a62f6020000a8a00b00&session=c361724a-9684-42d4-87a9-560394a7f897&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A05%20GMT%22%2C%22timeSpent%22%3A%223036%22%2C%22totalTimeSpent%22%3A%223036%22%7D&isIframe=false&m=%7B%22description%22%3A%22Security%20without%20fear.%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20Decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%20404%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&pageViewId=c10679e9-ead1-430b-8a8c-a0db7335febb&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:09 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 191ms
190ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=36bb1002ae500000a15e2a62f6020000a8a00b00&session=c361724a-9684-42d4-87a9-560394a7f897&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A08%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224037%22%7D&isIframe=false&m=%7B%22description%22%3A%22Security%20without%20fear.%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20Decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%20404%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&pageViewId=c10679e9-ead1-430b-8a8c-a0db7335febb&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:09 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 188ms
188ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=36bb1002ae500000a15e2a62f6020000a8a00b00&session=c361724a-9684-42d4-87a9-560394a7f897&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A09%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%225040%22%7D&isIframe=false&m=%7B%22description%22%3A%22Security%20without%20fear.%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20Decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%20404%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&pageViewId=c10679e9-ead1-430b-8a8c-a0db7335febb&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:10 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 188ms
187ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=36bb1002ae500000a15e2a62f6020000a8a00b00&session=c361724a-9684-42d4-87a9-560394a7f897&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2010%20Mar%202022%2020%3A25%3A10%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226041%22%7D&isIframe=false&m=%7B%22description%22%3A%22Security%20without%20fear.%20The%20web%20doesn%E2%80%99t%20have%20to%20be%20dark.%20Decipher%E2%80%99s%20goal%20is%20to%20bring%20order%20to%20this%20unpredictable%20and%20often%20confusing%20landscape%20by%20providing%20fresh%20perspectives%20from%20trusted%20voices.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%20404%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2FnAWS&pageViewId=c10679e9-ead1-430b-8a8c-a0db7335febb&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://duo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 20:25:11 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

376 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.duo.com/	1970-01-20 03:38:39	Name: _gcl_au Value: 1.1.614626228.1646943906
.6sc.co/	1970-01-20 19:00:15	Name: 6suuid Value: 36bb1002ae500000a15e2a62f6020000a8a00b00
.duo.com/	1970-01-20 10:14:39	Name: _biz_uid Value: 00948ab70fcd40b7d606ba8337e8a3b0
.duo.com/	1970-01-20 01:29:05	Name: _biz_sid Value: 1fd27
.duo.com/	1970-01-20 19:00:15	Name: _ga Value: GA1.2.837622259.1646943906
.duo.com/	1970-01-20 01:30:30	Name: _gid Value: GA1.2.1357511998.1646943906
.duo.com/	1970-01-20 01:29:03	Name: _gat_UA-20141016-1 Value: 1
.duo.com/	1970-01-20 01:29:03	Name: _dc_gtm_UA-20141016-1 Value: 1
.bing.com/	1970-01-20 10:50:39	Name: MUID Value: 1F893492A33C6B961F3525F1A2EE6AC4
.quantserve.com/	1970-01-20 10:59:18	Name: mc Value: 622a5ea1-decc6-2d1bd-2a2ee
.duo.com/	1970-01-20 10:53:32	Name: __qca Value: P0-1483127806-1646943905893
.duo.com/	1970-01-20 19:00:15	Name: _mkto_trk Value: id:074-UQX-410&token:_mch-duo.com-1646943905960-42960
.duo.com/	1970-01-20 10:58:27	Name: _cs_c Value: 1
.duo.com/	1970-01-20 10:58:27	Name: _cs_id Value: c1aa19ef-4864-adae-dc64-7a053dc78692.1646943906.1.1646943906.1646943906.1627413105.1681107906005
.duo.com/	1970-01-20 01:29:05	Name: _cs_s Value: 1.0.0.1646945706006
.csxd.contentsquare.net/	1970-01-20 10:58:27	Name: _cs_id___5637 Value: c1aa19ef-4864-adae-dc64-7a053dc78692.1646943906.1.1646943906.1646943906.1627413105.1681107906005
.csxd.contentsquare.net/	1970-01-20 01:29:05	Name: _cs_s___5637 Value: 1.0.0.1646945706006
.linkedin.com/	1970-01-20 02:12:15	Name: UserMatchHistory Value: AQJAgxsBmKPaNgAAAX91gaiAf1pTReBmxqqfZfZcnVRVyKga3jZqL5ryY-tKvnELYBrahMKwOBjuUg
.linkedin.com/	1970-01-20 02:12:15	Name: AnalyticsSyncHistory Value: AQLex-rV10Sx9gAAAX91gaiA73jP_AY1vIMQhIX2ShI5WnQXFfheZ8oDF6Ki9_5ezGvXVOFCU3uKQAJ-Go4y8Q
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:00:57	Name: bcookie Value: "v=2&1aa3bacd-efe4-45dc-8b66-de5d035bd85b"
.linkedin.com/	1970-01-20 01:30:30	Name: lidc Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2451:u=1:x=1:i=1646943905:t=1647030305:v=2:sig=AQHk0YtMJsIGlVn3Av3ttXA4NeP-z3gy"
.duo.com/	1970-01-20 03:38:39	Name: _fbp Value: fb.1.1646943906083.1743099928
.demdex.net/	1970-01-20 05:48:15	Name: demdex Value: 00179550757799389723468740011114314255
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:00:57	Name: bscookie Value: "v=1&2022031020250619bc197a-b6e1-49ae-8099-6695b5d617edAQEbfmzqNihaPHO3MYOQOqSCmKD9mJCN"
.linkedin.com/	1970-01-20 18:58:44	Name: li_gc Value: MTswOzE2NDY5NDM5MDY7MjswMjEJ0oGMxtk8vdqCxt2uufF1tTpXwUmDyDIoKR1jp7GuHg==
.duo.com/	1969-12-31 23:59:59	Name: AMCVS_B8D07FF4520E94C10A490D4C%40AdobeOrg Value: 1
.duo.com/	1970-01-20 19:01:42	Name: AMCV_B8D07FF4520E94C10A490D4C%40AdobeOrg Value: 281789898%7CMCIDTS%7C19062%7CMCMID%7C07020888306619072294153137653115462542%7CMCAAMLH-1647548706%7C6%7CMCAAMB-1647548706%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1646951106s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.1.0
.duo.com/	1970-01-20 10:14:39	Name: _clck Value: l1rm1b\|1\|ezn\|0
.doubleclick.net/	1970-01-20 10:50:39	Name: IDE Value: AHWqTUk_7lc9C7sV9IV2UucVuhehWnAxWw1cWjVDheZq-7vmtNQscIsUv9pC-XsxPgA
.dpm.demdex.net/	1970-01-20 05:48:15	Name: dpm Value: 00179550757799389723468740011114314255
.twitter.com/	1970-01-20 19:00:15	Name: personalization_id Value: "v1_zojxqz46Y+CG7JI5zzHwlQ=="
.duo.com/	1970-01-20 10:14:39	Name: _biz_nA Value: 3
.bizibly.com/	1970-01-20 10:14:39	Name: _BUID Value: 0d8a80bd0f4011b18b9a73f9845d432c
.bizible.com/	1970-01-20 10:14:39	Name: _BUID Value: 00948ab70fcd40b7d606ba8337e8a3b0
.duo.com/	1970-01-20 01:30:30	Name: _uetsid Value: 2ceb8560a0b011ecaca29f1771982d5d
.duo.com/	1970-01-20 10:50:39	Name: _uetvid Value: 2ceb9ee0a0b011ec83532da21eb8e554
.yahoo.com/	1970-01-20 10:15:01	Name: A3 Value: d=AQABBKJeKmICEAhzcRngQvx8qcLBwmqCflY&S=AQAAAi6ZVrNzA7WBVjLEqGvYOC4
.demdex.net/	1970-01-20 05:48:15	Name: dextp Value: 771-1-1646943906466\|1123-1-1646943906568\|30646-1-1646943906858\|66757-1-1646943907009
.duo.com/	1970-01-20 01:29:05	Name: _cs_mk Value: 0.744715622479545_1646943907148
.duo.com/	1970-01-20 10:14:39	Name: utag_main Value: v_id:017f7581a901002b4c1b041a076003072004e06a00b08$_sn:1$_se:1$_ss:1$_st:1646945706049$ses_id:1646943906049%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:duo.com$ctm_ss:true%3Bexp-session
.duo.com/	1970-01-20 10:14:39	Name: _biz_pendingA Value: %5B%5D
.duo.com/	1970-01-20 01:30:30	Name: _clsk Value: 10pi7mr\|1646943907218\|1\|1\|j.clarity.ms/collect
.duo.com/	1970-01-20 01:29:05	Name: gpv_v9 Value: duo.com%2Fdecipher%2Ftrailblazer-hunts-compromised-credentials-in-aws%2Fnaws
.duo.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.duo.com/	1970-01-20 10:14:39	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22Ecid%22%3A%22200126815%22%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.duo.com/	1970-01-20 02:12:15	Name: aam_uuid Value: 00179550757799389723468740011114314255
.krxd.net/	1970-01-20 05:48:15	Name: _kuid_ Value: OtbWLd4r
.duo.com/	1970-01-20 10:14:39	Name: __insp_wid Value: 679911470
.duo.com/	1970-01-20 10:14:39	Name: __insp_slim Value: 1646943907470
.duo.com/	1970-01-20 10:14:39	Name: __insp_nv Value: true
.duo.com/	1970-01-20 10:14:39	Name: __insp_targlpu Value: aHR0cHM6Ly9kdW8uY29tL2RlY2lwaGVyL3RyYWlsYmxhemVyLWh1bnRzLWNvbXByb21pc2VkLWNyZWRlbnRpYWxzLWluLWF3cy9uQVdT
.duo.com/	1970-01-20 10:14:39	Name: __insp_targlpt Value: NDA0IHwgRGVjaXBoZXI%3D
.duo.com/	1970-01-20 19:00:15	Name: _ga_95Z7P6PE75 Value: GS1.1.1646943905.1.0.1646943907.58
duo.com/	1970-01-20 01:39:08	Name: _an_uid Value: 0
duo.com/	1970-01-20 19:00:15	Name: _gd_visitor Value: 41062bbe-b5dc-4723-8019-a02d61a40f96
duo.com/	1970-01-20 01:29:18	Name: _gd_session Value: c361724a-9684-42d4-87a9-560394a7f897
duo.com/	1970-01-20 19:00:15	Name: _gd_svisitor Value: 36bb1002ae500000a15e2a62f6020000a8a00b00
.c.bing.com/	1970-01-20 10:50:39	Name: SRM_B Value: 1F893492A33C6B961F3525F1A2EE6AC4
.duo.com/	1970-01-20 10:14:39	Name: __insp_norec_sess Value: true
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:50:39	Name: MUID Value: 1F893492A33C6B961F3525F1A2EE6AC4
.c.clarity.ms/	1970-01-20 01:29:04	Name: ANONCHK Value: 0
.duo.com/	1969-12-31 23:59:59	Name: s_ptc Value: 0%5E%5E1%5E%5E9%5E%5E35%5E%5E335%5E%5E1%5E%5E2307%5E%5E1%5E%5E2691

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://duo.com/decipher/trailblazer-hunts-compromised-credentials-in-aws/nAWS Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://duo.com/site/themes/duo/json-bodymovin/d-logo-light/data.json Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

074-uqx-410.mktoresp.com
ajax.googleapis.com
analytics.google.com
analytics.twitter.com
b.6sc.co
bat.bing.com
beacon.krxd.net
c.6sc.co
c.bing.com
c.clarity.ms
c.contentsquare.net
cdn.bizible.com
cdn.bizibly.com
cdn.inspectlet.com
cisco-tags.cisco.com
cisco.demdex.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
csxd.contentsquare.net
dpm.demdex.net
duo.com
fast.wistia.net
hn.inspectlet.com
j.6sc.co
j.clarity.ms
jscloud.net
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
munchkin.marketo.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
secure.adnxs.com
secure.quantserve.com
smetrics.cisco.com
snap.licdn.com
stats.g.doubleclick.net
t.contentsquare.net
tags.tiqcdn.com
usermatch.krxd.net
www.cisco.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
104.111.233.140
104.111.234.67
104.244.42.67
13.107.42.14
13.32.99.12
142.250.186.98
15.236.176.210
152.195.15.58
18.66.112.26
184.30.24.194
192.28.147.68
20.85.30.134
205.185.216.10
212.82.100.182
2600:9000:223c:cc00:6:44e3:f8c0:93a1
2600:9000:2250:6c00:1b:ed91:4680:93a1
2606:4700:10::6816:38f5
2606:4700:20::681a:427
2620:116:800d:21:36a9:ecb:e518:b308
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:812::2003
2a00:1450:4001:827::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2008
2a00:1450:400c:c07::9c
2a02:26f0:6c00:288::b33
2a02:26f0:6c00::210:ba20
2a03:2880:f045:10:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a04:4e42:400::622
34.247.238.207
35.168.167.24
37.252.172.45
52.142.114.2
52.48.40.152
54.155.215.129
54.194.228.85
72.163.10.10
0a998ab5472475c3418c7977b6214c566aad928094dceb86d2e9f53bdbdd26c0
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
17bc337a86f4f977a5a5e3d65c09d1c59c73c1e876c87ba5871507a5a10c3e27
1c14fc148da3a58de3cf46b8f308b925e8726be015a24fe95d90783ddb1ccd71
1d48d4cabc9c195baa08e42be70679688d706970ddd862bd91b857109d2a8874
1eda00ed40961e8543be84114fb6039dc838f6c077da65521c67e11e8f9c71bd
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
2f227ba16c249437a828ecbf0eea618382bf23394fff935fef3734a2ea6b0ac8
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
35722297d0d532b3a433faeb0d2b67c56ada4342007db9de6340bdd87e2dea35
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
3af7c05eb5a2423969186314c2df01462f89bcbb46d1d2c81c5a782b2ceee981
40cfbaf0e88b1ade1b28de2154c7ae9bf74aa4ccb30c635cdc0b82cf4383e896
4adefd63c0816744b24f5f7c63c2ab245eb000b310fe05fb998cfccb98bad0cb
4d892eb15160967ea0a162186af87b2b8be11ceab5dc3db6f87a77f0fb6d072d
52bebb3587e40b87de4c9b43417ff90a3dff499b24ce969f09a06990990f3921
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56bc314c97182f1a4db111746831ec4ab6b5efeddced5484e777f05899b0794e
5b431277c07496a54bd0224b23428ed890e7323037ab3c5460fb051b4f65e78e
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
5d5df010cd05595e4e6c8b1cd3d5f9789bed6bfdaf2ccd127a41793d90079621
648587c98ee99d713efdad5384946fd579044d3b9201516d237f67f008b34f6b
68014e9a573560ad5a0a5d26bb939107bd1781db2ad2e02b95bb544d6673ac1c
694b5d6220eb8a349b60ce749052c3b923c8449bbfb4ebfb68f4fc27f1b7e92b
6a9226bfab1a58226f89d4b30ba4ea06b303dc2ccad216fb39a67a8e3cf4fc5f
6d29e0f8f4c066f993407e207c64a3ca20783c4f31ecc3ff427782c60ef617a5
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
849b2ac11460487810a7132803d8680307e25126ba000a30b4775ed3e78201be
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
8f8e2f04bc1eea3a4e183f2fdaec7969f9ef3ebe7cfcc4285f1d352937cd2a0c
96c5bfab045aceeb52ae2daa17605f436dd4ab9be43bbc87ac3debdbc9768ffb
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
aaddb9b9a1d45c5de508e64c3dace01f450e4a7521229e99f03838f5067cc8f9
ac4d9afc41254874b201159e9fd841bc0252549a851ca7a24db49e887feefd37
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3
b290703d7b909d2b1beda2dd81c68d0ddc5e5708dfc46913d0effefe2b62afea
b5ecef87ef7289c4b546da05e7c0726e9fb557486ac91706fc477c7a617629a3
b96b64444f7d52c39b5716fe4d3e8d0433c67fb79731a4400188835d97b74bce
bc1aed44c70061d4c90dd41d0d262e18f82a5331c388bf8a66cd3f1e0b329e82
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d
c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5
c6ee633e85ccc83384a1df0183f622bc7cfc020570e520112b17e4555365c3ac
c72062a60866c674a25f2a5b5d8344e9509c7381a6472f2a484325ac14597ee8
cbda94666db24554bf77638fc059848d381c3c98f7f24641fa830abcd5793de7
cc27aec90c4224a6cc51b9ae69c23664b41cd27b28c3b6cd93d9bb6e92e8a712
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e
d1a9abb0dc96d5a0fcc121a6de3a2c29c193a91d2f68939080e111b54d01d9e8
da5d487f1fe8c4f5bba93bab0b071aed1249cf770ffdbc0144a86a4c2bae3c2c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e
ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2649db29712c0b6bb0702c7c4b1187b10ec39f238ddee4f17a614fa64ce31f3
ff5807a04917b6e4e110dc61660510cd57bcec18f20bd968b8360f27e017bc7b

duo.com Open in urlscan Pro 13.32.99.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

94 Requests

93 %HTTPS

46 %IPv6

32 Domains

48 Subdomains

38 IPs

6 Countries

1658 kBTransfer

5280 kBSize

65 Cookies

3 Outgoing links

Redirected requests

94 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

duo.com Open in urlscan Pro
13.32.99.12 Public Scan

Screenshot
Live screenshot

Full Image

94
Requests

93 %
HTTPS

46 %
IPv6

32
Domains

48
Subdomains

38
IPs

6
Countries

1658 kB
Transfer

5280 kB
Size

65
Cookies

94 HTTP transactions
0 data transactions