Submitted URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Cit...
Effective URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Cit...
Submission: On July 28 via manual from IN — Scanned from DE

Summary

This website contacted 29 IPs in 3 countries across 25 domains to perform 66 HTTP transactions. The main IP is 2620:12a:8000::2, located in United States and belongs to FASTLY, US. The main domain is www.at-bay.com.
TLS certificate: Issued by R3 on July 6th 2023. Valid for: 3 months.
This is the only time www.at-bay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain / Transfer (subdomains indented beneath each entry)

21  at-bay.com  1 MB
    www.at-bay.com
6  unpkg.com  46 KB
    unpkg.com — Cisco Umbrella Rank: 1041
5  linkedin.com  5 KB
    px.ads.linkedin.com — Cisco Umbrella Rank: 384
    www.linkedin.com — Cisco Umbrella Rank: 543
    px4.ads.linkedin.com — Cisco Umbrella Rank: 5993
4  hsforms.com  4 KB
    forms.hsforms.com — Cisco Umbrella Rank: 4306
    forms-na1.hsforms.com — Cisco Umbrella Rank: 6975
4  fullstory.com  71 KB
    edge.fullstory.com — Cisco Umbrella Rank: 2205
    rs.fullstory.com — Cisco Umbrella Rank: 2061
4  cloudflare.com  245 KB
    cdnjs.cloudflare.com — Cisco Umbrella Rank: 265
3  hubspot.com  2 KB
    track.hubspot.com — Cisco Umbrella Rank: 2289
3  googletagmanager.com  251 KB
    www.googletagmanager.com — Cisco Umbrella Rank: 73
2  intercomcdn.com  213 KB
    js.intercomcdn.com — Cisco Umbrella Rank: 3124
2  intercom.io  6 KB
    widget.intercom.io — Cisco Umbrella Rank: 2532
    api-iam.intercom.io — Cisco Umbrella Rank: 2063
2  hscollectedforms.net  26 KB
    js.hscollectedforms.net — Cisco Umbrella Rank: 4784
    forms.hscollectedforms.net — Cisco Umbrella Rank: 4884
2  doubleclick.net  402 B
    stats.g.doubleclick.net — Cisco Umbrella Rank: 114
2  google.com  308 B
    region1.analytics.google.com — Cisco Umbrella Rank: 2693
2  google-analytics.com  21 KB
    www.google-analytics.com — Cisco Umbrella Rank: 58
2  cloudfunctions.net
    us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 2799
2  hotjar.com  60 KB
    static.hotjar.com — Cisco Umbrella Rank: 759
    script.hotjar.com — Cisco Umbrella Rank: 988
1  hs-analytics.net  21 KB
    js.hs-analytics.net — Cisco Umbrella Rank: 2215
1  hs-banner.com  64 KB
    js.hs-banner.com — Cisco Umbrella Rank: 2221
1  google.de  408 B
    www.google.de — Cisco Umbrella Rank: 5772
1  oribi.io  375 B
    cdn.linkedin.oribi.io — Cisco Umbrella Rank: 876
1  pdst.fm  6 KB
    cdn.pdst.fm — Cisco Umbrella Rank: 2777
1  licdn.com  5 KB
    snap.licdn.com — Cisco Umbrella Rank: 795
1  hsforms.net  165 KB
    js.hsforms.net — Cisco Umbrella Rank: 6927
1  hs-scripts.com  1 KB
    js.hs-scripts.com — Cisco Umbrella Rank: 2515
1  unpkg.co  518 B
    unpkg.co — Cisco Umbrella Rank: 198126

Totals: 66 requests, 25 domains

Domain Requested by
21 www.at-bay.com 1 redirects www.at-bay.com
6 unpkg.com 4 redirects www.at-bay.com
4 cdnjs.cloudflare.com www.at-bay.com
cdnjs.cloudflare.com
3 track.hubspot.com
3 forms.hsforms.com js.hsforms.net
www.at-bay.com
3 px.ads.linkedin.com 3 redirects
3 www.googletagmanager.com www.at-bay.com
www.googletagmanager.com
2 js.intercomcdn.com widget.intercom.io
2 rs.fullstory.com edge.fullstory.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 region1.analytics.google.com www.googletagmanager.com
2 edge.fullstory.com www.at-bay.com
edge.fullstory.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm
1 api-iam.intercom.io js.intercomcdn.com
1 widget.intercom.io www.googletagmanager.com
1 forms-na1.hsforms.com www.at-bay.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 js.hs-analytics.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 www.google.de www.at-bay.com
1 px4.ads.linkedin.com www.at-bay.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io snap.licdn.com
1 script.hotjar.com static.hotjar.com
1 cdn.pdst.fm www.at-bay.com
1 static.hotjar.com www.at-bay.com
1 snap.licdn.com www.at-bay.com
1 js.hsforms.net www.at-bay.com
1 js.hs-scripts.com www.at-bay.com
1 unpkg.co 1 redirects
66 32

This site contains links to these domains.

Domain
keeprisk.at-bay.com
stance.at-bay.com
twitter.com
www.linkedin.com
www.youtube.com

Subject                 Issuer                          Validity                 Valid
at-bay.com              R3                              2023-07-06 - 2023-10-04  3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3         2023-07-03 - 2024-07-02  a year
*.google-analytics.com  GTS CA 1C3                      2023-07-10 - 2023-10-02  3 months
snap.licdn.com          DigiCert SHA2 Secure Server CA  2023-02-01 - 2024-01-31  a year
*.hotjar.com            Amazon ECDSA 256 M01            2023-03-09 - 2024-04-06  a year
cdn.pdst.fm             GTS CA 1D4                      2023-07-25 - 2023-10-23  3 months
misc.google.com         GTS CA 1C3                      2023-07-10 - 2023-10-02  3 months
linkedin.oribi.io       Amazon RSA 2048 M01             2023-06-08 - 2024-07-07  a year
edge.fullstory.com      GTS CA 1D4                      2023-07-23 - 2023-10-21  3 months
*.g.doubleclick.net     GTS CA 1C3                      2023-07-03 - 2023-09-25  3 months
www.google.de           GTS CA 1C3                      2023-07-10 - 2023-10-02  3 months
rs.fullstory.com        GTS CA 1D4                      2023-07-18 - 2023-10-16  3 months
hubspot.com             Cloudflare Inc ECC CA-3         2023-02-05 - 2024-02-05  a year
*.intercom.com          Amazon RSA 2048 M02             2023-02-14 - 2024-03-14  a year
*.intercomcdn.com       Amazon RSA 2048 M01             2023-02-21 - 2024-01-29  a year

This page contains 2 frames:

Primary Page: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Frame ID: CA40193C428C80E7A21B696C9F1727DB
Requests: 62 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.b07bff66.js
Frame ID: B1034B6FC7A6477BFBE76496306D4155
Requests: 3 HTTP requests in this frame

Page Title

Page not found | At-Bay

Page URL History

  1. https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*20... HTTP 301
    https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*20... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

Requests: 66
HTTPS: 94 %
IPv6: 70 %
Domains: 25
Subdomains: 32
IPs: 29
Countries: 3
Transfer: 2305 kB
Size: 6724 kB
Cookies: 28

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway. HTTP 301
    https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://unpkg.co/gsap@3/dist/gsap.min.js?ver=3 HTTP 302
  • https://unpkg.com/gsap@3/dist/gsap.min.js?ver=3 HTTP 302
  • https://unpkg.com/gsap@3/dist/gsap.min.js HTTP 302
  • https://unpkg.com/gsap@3.12.2/dist/gsap.min.js
Request Chain 3
  • https://unpkg.com/gsap@3/dist/ScrollTrigger.min.js?ver=3 HTTP 302
  • https://unpkg.com/gsap@3/dist/ScrollTrigger.min.js HTTP 302
  • https://unpkg.com/gsap@3.12.2/dist/ScrollTrigger.min.js
Request Chain 35
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20%28ADC%29*20and*20Gateway&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D414052%26time%3D1690584224579%26url%3Dhttps%253A%252F%252Fwww.at-bay.com%252Farticles%252Flikely-first-exploit-citrix-vulnerability%252F*%253A*%253Atext%253DOn*20November*208*2C*202022*2C*20Citrix%252CController*20%2528ADC%2529*20and*20Gateway%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20%28ADC%29*20and*20Gateway&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20%28ADC%29*20and*20Gateway&cookiesTest=true&liSync=true&e_ipv6=AQK7te5ZzLj_ywAAAYmerBYra6Ks9PeUIhfQkxqnUqETAt0IPdtW60jDTJh5q8bNSLTg_WMI-6alAGA4t8iFHWNqQq0JaA

66 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Primary Request *:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/
Redirect Chain
  • https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway.
  • https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
40 KB
8 KB
Document
General
Full URL
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
64a09d116cf2fe8929be3d3aebdfe252a4bb038f1ea8c6661e3e60272b3fb75d
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/
87 KB
16 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css?ver=6.0.0
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

front.min.css
www.at-bay.com/wp-content/plugins/cookie-notice/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://www.at-bay.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.2
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789
Security Headers
Name Value
Strict-Transport-Security max-age=300

gsap.min.js
unpkg.com/gsap@3.12.2/dist/
Redirect Chain
  • https://unpkg.co/gsap@3/dist/gsap.min.js?ver=3
  • https://unpkg.com/gsap@3/dist/gsap.min.js?ver=3
  • https://unpkg.com/gsap@3/dist/gsap.min.js
  • https://unpkg.com/gsap@3.12.2/dist/gsap.min.js
70 KB
28 KB
Script
General
Full URL
https://unpkg.com/gsap@3.12.2/dist/gsap.min.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Server
2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efc85c7eb141819717cda0033484a84b1c890d13b02e355a2fec79d424b20e7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

ScrollTrigger.min.js
unpkg.com/gsap@3.12.2/dist/
Redirect Chain
  • https://unpkg.com/gsap@3/dist/ScrollTrigger.min.js?ver=3
  • https://unpkg.com/gsap@3/dist/ScrollTrigger.min.js
  • https://unpkg.com/gsap@3.12.2/dist/ScrollTrigger.min.js
42 KB
18 KB
Script
General
Full URL
https://unpkg.com/gsap@3.12.2/dist/ScrollTrigger.min.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Server
2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65f6c13748b0c8d8f9eabd0373a130ac293b3f16bf34aaa946d953980372b932
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

front.min.js
www.at-bay.com/wp-content/plugins/cookie-notice/js/
8 KB
3 KB
Script
General
Full URL
https://www.at-bay.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.8
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
Security Headers
Name Value
Strict-Transport-Security max-age=300

main.css
www.at-bay.com/wp-content/themes/At-Bay/build/css/
1 MB
251 KB
Stylesheet
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
953b673dff65d5e67b48371fc18ffa2fa472f368693c9ef838bc9eb8f3ea6689
Security Headers
Name Value
Strict-Transport-Security max-age=300

select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/
15 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

additions.css
www.at-bay.com/wp-content/themes/At-Bay/dist/
2 KB
788 B
Stylesheet
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/additions.css
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d00e9d57eb5039460daa01cc943086066ec934dfa3a56785b00c71e5a3bc19b0
Security Headers
Name Value
Strict-Transport-Security max-age=300

js
www.googletagmanager.com/gtag/
277 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6GE1CM7X1S
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7c629736d95a3c978d25868cc48bdc7785737a504980fe11e94fd3206b9504d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

7089476.js
js.hs-scripts.com/
1 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/7089476.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:883b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33d543535024ec9be1401b0a028bbb64d907cc22fb2c7882b70fa788341c4ec2
Security Headers
Name Value
X-Content-Type-Options nosniff

logo.svg
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
4 KB
2 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/logo.svg
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
806142310f3f4b70b86e852241512e430d85c57b9ce023ea49610472e1baff73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:52 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267758
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-ltbw6
content-length
1967
x-served-by
cache-chi-kigq8000177-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.617819,VS0,VE2
etag
W/"64c02dd7-f63"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9cf9b468-2b28-11ee-bd1f-12d24d393e12
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
3, 1
404-illustration.png
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
27 KB
27 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/404-illustration.png
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8702d9d015da402ba295133bcdc1a4c6cf547788b79488e5f47ce26b5400bd0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe2-b-5859bc6cc-nr582
strict-transport-security
max-age=300
date
Fri, 28 Jul 2023 22:43:44 GMT
via
1.1 varnish, 1.1 varnish
expires
Thu, 25 Jul 2024 20:20:02 GMT
age
267629
x-cache
HIT, MISS
content-length
27163
x-served-by
cache-chi-klot8100030-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.618191,VS0,VE273
etag
"64c02dd7-6a1b"
content-type
image/png
x-styx-req-id
a2ee7f4c-2b28-11ee-b78a-9a1bf04e3943
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 0
logo-light.svg
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
3 KB
2 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/logo-light.svg
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cb7fdd50d7638466040ef1b18c189ecfd4cb12f2810d95eec4aec0cdfe866c97
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267758
x-cache
HIT, MISS
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-bjrnx
content-length
1539
x-served-by
cache-chi-klot8100055-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.618165,VS0,VE269
etag
W/"64c02dd7-c9f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9d483d26-2b28-11ee-8a1c-cec4ff3005f9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 0
hsb-logo-footer.png
www.at-bay.com/wp-content/uploads/2020/12/
12 KB
12 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/uploads/2020/12/hsb-logo-footer.png
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
aed22785cfaf2ebafff5446a7de524c8c6016ef16257efd7ea22a4ea6e597ad0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe2-b-85879b7d89-g6v6r
strict-transport-security
max-age=300
date
Fri, 28 Jul 2023 22:43:44 GMT
via
1.1 varnish, 1.1 varnish
expires
Fri, 07 Jun 2024 08:49:06 GMT
age
267757
x-cache
HIT, HIT
content-length
12304
x-served-by
cache-chi-klot8100086-CHI, cache-bom4746-BOM
last-modified
Thu, 20 Apr 2023 12:34:28 GMT
server
nginx
x-timer
S1690584225.618153,VS0,VE1
etag
"64413154-3010"
content-type
image/png
x-styx-req-id
290ed410-0510-11ee-a234-96f8f197420c
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1
munich-logo-footer.png
www.at-bay.com/wp-content/uploads/2020/12/
17 KB
17 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/uploads/2020/12/munich-logo-footer.png
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9c98f09635774ed5da7101e1b0bdb59b1389952d11c142e47786e10463017ae
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe2-a-7f4f4c4f48-dsrj6
strict-transport-security
max-age=300
date
Fri, 28 Jul 2023 22:43:44 GMT
via
1.1 varnish, 1.1 varnish
expires
Fri, 28 Jun 2024 17:51:51 GMT
age
267757
x-cache
HIT, HIT
content-length
17319
x-served-by
cache-chi-klot8100114-CHI, cache-bom4746-BOM
last-modified
Thu, 20 Apr 2023 12:34:28 GMT
server
nginx
x-timer
S1690584225.618729,VS0,VE1
etag
"64413154-43a7"
content-type
image/png
x-styx-req-id
76319a25-15dc-11ee-b34e-8223e74ef0b9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1
Trisura-Logo-Registration-KO.png
www.at-bay.com/wp-content/uploads/2022/05/
35 KB
36 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/uploads/2022/05/Trisura-Logo-Registration-KO.png
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7824899f7732d83c60ab68ca3994d95a4a478dd5623b359774fc6404b6d1584
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe2-a-9c677d577-cwcgp
strict-transport-security
max-age=300
date
Fri, 28 Jul 2023 22:43:44 GMT
via
1.1 varnish, 1.1 varnish
expires
Wed, 12 Jun 2024 21:02:56 GMT
age
267757
x-cache
HIT, HIT
content-length
36193
x-served-by
cache-chi-kigq8000082-CHI, cache-bom4746-BOM
last-modified
Thu, 20 Apr 2023 12:34:28 GMT
server
nginx
x-timer
S1690584225.618703,VS0,VE1
etag
"64413154-8d61"
content-type
image/png
x-styx-req-id
8183fd34-0964-11ee-b268-86cc424f963b
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1
twitter.svg
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
17 KB
13 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/twitter.svg
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
49b1924db2b8becfd62744cfdc8c2bf824a5b67b9f9cbae58cf9c27eead92ea5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267758
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-wjtm2
content-length
12750
x-served-by
cache-chi-klot8100092-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.618664,VS0,VE1
etag
W/"64c02dd7-43cf"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9d696d38-2b28-11ee-89b9-be603f6e385a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1
linkedin.svg
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
13 KB
9 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/linkedin.svg
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
86de97aa9edca06e83511627c46bf72742fa996894a6c88f5b137e45425a74fc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267759
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-l6dtf
content-length
9170
x-served-by
cache-chi-kigq8000086-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.618638,VS0,VE0
etag
W/"64c02dd7-359b"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9d76dca4-2b28-11ee-9c46-b2607c98b5b3
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 21
youtube.svg
www.at-bay.com/wp-content/themes/At-Bay/dist/images/
17 KB
12 KB
Image
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/images/youtube.svg
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ec97fe94ee00d4fae670235d2f9607538873e2019b24a3494a5cbad0589c620f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267758
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-b-5859bc6cc-5kl5z
content-length
12122
x-served-by
cache-chi-kigq8000157-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.618614,VS0,VE1
etag
W/"64c02dd7-457f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9d7ad02b-2b28-11ee-af02-660b7e5c32ee
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1
app.js
www.at-bay.com/wp-content/themes/At-Bay/dist/
1 MB
414 KB
Script
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/dist/app.js?id=c97a66ef955454ad77de
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
63ff0e43f975d5f694322b331941adae538870a48200ab932bf184f504f07256
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:52 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:43 GMT
age
267683
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-ltbw6
content-length
423114
x-served-by
cache-chi-klot8100052-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584223.179183,VS0,VE3
etag
W/"64c02dd7-13ed9b"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
9cd8bcb3-2b28-11ee-bd1f-12d24d393e12
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1
v2.js
js.hsforms.net/forms/embed/
527 KB
165 KB
Script
General
Full URL
https://js.hsforms.net/forms/embed/v2.js?ver=10.1.16
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
285e3a9f61142dff4f5abda4ef2dfb3de389251a7e896177b4f8e6b211d112c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3479/bundles/project-v2.js&cfRay=7ee0a48b1fe8bbfd-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"2c2b740599b21d2396d7ada645018b0a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.3479/bundles/project-v2.js
date
Fri, 28 Jul 2023 22:43:44 GMT
x-amz-version-id
SgDHDcoCL7BDQREHby44tn8AMbx4aR91
via
1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
6bf0752a-7aa6-448f-a15a-a97f45619b48
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
6bf0752a-7aa6-448f-a15a-a97f45619b48
last-modified
Mon, 24 Jul 2023 09:13:37 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2FNn9bHMnEIP3qjcwD8jtAHSYx3HQcbiciGmApzgVxhOsld7SPQ1RWee%2F9wGUxQoXykLfuV99%2B16vgOKQGgw%2B6%2B%2BLG6ObZZwLGdHzRNJbcQBkIrU%2Bz267WGcp2bBmoiW91N%2BiCbmoYig8HY0"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-s8xd8
cf-ray
7ee0a48b1fe8bbfd-FRA
x-amz-cf-id
jgiAWw21ldzD3kKmMs_YVLW5EGthK1SfwEfLIOz3_ZxdmRobeEFvAA==
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jul 2023 09:07:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=68777
accept-ranges
bytes
content-length
4862
gtm.js
www.googletagmanager.com/
204 KB
71 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KBT36BH
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
30eae8e54d2660434a2bd5597ce0bc38b1c7ff3778fa770a4036e7927da8b91d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
72304
x-xss-protection
0
last-modified
Fri, 28 Jul 2023 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 28 Jul 2023 22:43:44 GMT
hotjar-3177477.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3177477.js?sv=6
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-49.fra56.r.cloudfront.net
Software
/
Resource Hash
37d66b99afff44a4e4b819bd235ea9704b4e8ac4f37c0436335b407c96b6031a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/08403cf37c5d1d8421bb264f972e492a
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
lexxjd6P4ClDB-7JXQ2-c8gQsb3hfuOZYK7o0lPQZSXV17-1btaVYQ==
ping.min.js
cdn.pdst.fm/
26 KB
6 KB
Script
General
Full URL
https://cdn.pdst.fm/ping.min.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
80.142.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 21:45:36 GMT
content-encoding
gzip
age
3488
x-guploader-uploadid
ADPycdtyfpkbLAcIxrKUevzLDTa0_tWc5lvsSZzpugHC_vajpBGoQxAl4efwsLJkAqdj3dfu-lrc2BvNzOSrCBfSQ7-9oVIt1T6F
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5774
last-modified
Fri, 28 May 2021 20:34:03 GMT
server
UploadServer
etag
"d001d1c9f5a942fa5524eeacb047e819"
vary
Accept-Encoding
x-goog-generation
1622234043862937
x-goog-hash
crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
5774
accept-ranges
bytes
content-type
application/javascript;
expires
Fri, 28 Jul 2023 22:45:36 GMT
GT-America-Standard-Thin.ttf
www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/
140 KB
71 KB
Font
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/GT-America-Standard-Thin.ttf
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba0beb7ceb057d48cb8ae160f661bee7dc337fa174630f66723c3e1cf107f688
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:52 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267757
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-bjrnx
content-length
72819
x-served-by
cache-chi-kigq8000178-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.830532,VS0,VE2
etag
W/"64c02dd7-22fc4"
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
x-styx-req-id
9d192e25-2b28-11ee-8a1c-cec4ff3005f9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/
102 KB
103 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css?ver=6.0.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fc9abb6eec59312cfb98add2c6ea80820e6fd42c07a10888e0b973bfc00e2eb
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css?ver=6.0.0
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3085734
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
104544
last-modified
Mon, 07 Feb 2022 21:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"620188b3-19860"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FZ4A2sUPUrXr2IzLkv5tUcE9Fq%2FhlOR9MFFfuGeIVyE0CSTqRMvO5Vi7Ke5%2BO3TnC4ieITU0EEHYXbb0bLOpcpZZKsfC2g45OSFl4Ilg3tsy%2BrT9FOoEoBZDc1ozEh7YQMLwjPN4%2FU7gDuXDsY3%2FZwk"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7ee0a48acebe2bd6-FRA
expires
Wed, 17 Jul 2024 22:43:44 GMT
GT-America-Standard-Medium.ttf
www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/
143 KB
73 KB
Font
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/GT-America-Standard-Medium.ttf
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
248cb2faa8cdfbe6a05083d6c44469283c1b143a017087f743eafc95fdd3325c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:52 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267757
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-wjtm2
content-length
74389
x-served-by
cache-chi-kigq8000167-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.830504,VS0,VE2
etag
W/"64c02dd7-23c30"
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
x-styx-req-id
9d1895f9-2b28-11ee-89b9-be603f6e385a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1
GT-America-Standard-Regular.ttf
www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/
141 KB
70 KB
Font
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/GT-America-Standard-Regular.ttf
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
01ba84183ae13e9795c0194b36f277221d028c1eea4c8e8f2c2a42fa2cf191d5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267757
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-l6dtf
content-length
71844
x-served-by
cache-chi-klot8100040-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.830479,VS0,VE2
etag
W/"64c02dd7-23320"
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
x-styx-req-id
9d274b2a-2b28-11ee-9c46-b2607c98b5b3
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1
GT-America-Standard-Bold.ttf
www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/
143 KB
73 KB
Font
General
Full URL
https://www.at-bay.com/wp-content/themes/At-Bay/assets/fonts/GT-America/GT-America-Standard-Bold.ttf
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
11a59a09a9a1f702ff6307cb6f49d54853c6498cb6144a734d8af8320393d67e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.at-bay.com/wp-content/themes/At-Bay/build/css/main.css
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Thu, 25 Jul 2024 20:19:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Fri, 28 Jul 2023 22:43:44 GMT
age
267757
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-88d69667f-l6dtf
content-length
74331
x-served-by
cache-chi-kigq8000024-CHI, cache-bom4746-BOM
last-modified
Tue, 25 Jul 2023 20:17:27 GMT
server
nginx
x-timer
S1690584225.830456,VS0,VE2
etag
W/"64c02dd7-23d4c"
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
x-styx-req-id
9d274b72-2b28-11ee-9c46-b2607c98b5b3
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
5, 1
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/
124 KB
125 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css?ver=6.0.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4012b54511901d2fa4e8caee571d634ff93d70f2076f5ddcc5494cfe136b926
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css?ver=6.0.0
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1188347
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
126828
last-modified
Mon, 07 Feb 2022 21:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"620188b3-1ef6c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOhW10%2FFKlj1jbUdqARNXPgOBO%2FJ0%2FGjjQ8tyggIWtfd4EyvmcAB0CtXnsPE5CdG7iiEjciGCC%2F%2FzMaF0aUWAdRg%2FrUSO1%2BEUXMtaRx74p6nvDpPRKP%2FTwO%2FsPYNnJKIPIaIGjqZdmfHZJxk1xTMbUx3"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7ee0a48b9d3f5c6e-FRA
expires
Wed, 17 Jul 2024 22:43:44 GMT
modules.6b15d95870354fc25d31.js
script.hotjar.com/
227 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.6b15d95870354fc25d31.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3177477.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-111.fra56.r.cloudfront.net
Software
/
Resource Hash
46e9e4a4dcefc780ebf5d3d24bdbc96d647beb4244df31bf35f4ba77a077de06
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 09:27:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 ab68583a58d574d6a9e5fca1fb1e6316.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
47798
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56514
last-modified
Fri, 28 Jul 2023 09:27:03 GMT
etag
"d8fc4fd06d4a76974c96d8997389f289"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
Oi251jUyMyCwmPEyRrBgaN_WJ6_Ph2cGxoARwJoBSzWp8_6ssrx8fg==
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/
0
0
Fetch
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by
Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
application/json
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
server
Google Frontend
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
access-control-allow-methods
GET, POST
content-type
text/html
access-control-allow-origin
*
x-cloud-trace-context
82debe3eadd1a91cb7f0fdf42b18b96c
function-execution-id
oqrshjhfwnx8
access-control-allow-headers
Content-Type, Accept
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame
0
0
Preflight
General
Full URL
https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.at-bay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Accept
access-control-allow-methods
GET, POST
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-length
22
content-type
text/html; charset=utf-8
date
Fri, 28 Jul 2023 22:43:44 GMT
etag
W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id
uivzhqsuanuk
server
Google Frontend
x-cloud-trace-context
e662f18bc7e3dcfce625f2754157074b
x-powered-by
Express
token
cdn.linkedin.oribi.io/partner/414052/domain/at-bay.com/
36 B
375 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/414052/domain/at-bay.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:de00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:22:52 GMT
content-encoding
gzip
via
1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
1252
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
mn_01d0zPjRFCDXWeivD4HefGq-fka-cZANBUzAjzl-dxlw2ZxTlHg==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*2...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D414052%26time%3D1690584224579%26url%3Dhttps%253A%252F%252Fwww.at-bay.com%252Farti...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*2...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20%28ADC%29*20and*20Gateway&cookiesTest=true&liSync=true&e_ipv6=AQK7te5ZzLj_ywAAAYmerBYra6Ks9PeUIhfQkxqnUqETAt0IPdtW60jDTJh5q8bNSLTg_WMI-6alAGA4t8iFHWNqQq0JaA
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 286B12B557B140C6B390E76FE007DC32 Ref B: FRAEDGE1819 Ref C: 2023-07-28T22:43:45Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYBk9A6iAz4rezKaOKxDA==

Redirect headers

date
Fri, 28 Jul 2023 22:43:45 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 10C7BFC3287645A68E45EFA82569A3DB Ref B: FRAEDGE1214 Ref C: 2023-07-28T22:43:45Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=414052&time=1690584224579&url=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20%28ADC%29*20and*20Gateway&cookiesTest=true&liSync=true&e_ipv6=AQK7te5ZzLj_ywAAAYmerBYra6Ks9PeUIhfQkxqnUqETAt0IPdtW60jDTJh5q8bNSLTg_WMI-6alAGA4t8iFHWNqQq0JaA
x-li-proto
http/2
content-length
0
x-li-uuid
AAYBk9A2gQpSa0xuMaa9DQ==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBT36BH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Jul 2023 21:44:24 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
3560
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 28 Jul 2023 23:44:24 GMT
fs.js
edge.fullstory.com/s/
247 KB
68 KB
Script
General
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
005b5900b7c883605a51064c4d229f497c8ba63718c411f74a071316b33d2e1f

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 21:48:12 GMT
content-encoding
br
age
3332
x-guploader-uploadid
ADPycdu22N9ReI4Tw1juFT-HexDHRHV58oR3jG9bWREBu7y_SacEoxkuN2d6W1mSbIn_e59pyUxw5-9u8twzUioFb64Q6A
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68503
last-modified
Thu, 27 Jul 2023 16:51:00 GMT
server
UploadServer
etag
"c431892ce89bbd56f16f65946a7f758f"
vary
Accept-Encoding
x-goog-generation
1690476659914961
x-goog-hash
crc32c=2Iq53w==, md5=xDGJLOibvVbxb2WUan91jw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
68503
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 28 Jul 2023 22:48:12 GMT
js
www.googletagmanager.com/gtag/
277 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6GE1CM7X1S&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBT36BH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8243ae029c0c488f5ecdbfe946f950f20513f31d4e35f5caedebd724372790c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92004
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 28 Jul 2023 22:43:44 GMT
collect
region1.analytics.google.com/g/
0
254 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-6GE1CM7X1S&gtm=45je37q0&_p=1613208159&_gaz=1&cid=373839616.1690584225&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=Ag&_s=1&sid=1690584224&sct=1&seg=0&dl=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&dt=Page%20not%20found%20%7C%20At-Bay&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6GE1CM7X1S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Jul 2023 22:43:44 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.at-bay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
254 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6GE1CM7X1S&cid=373839616.1690584225&gtm=45je37q0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6GE1CM7X1S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Jul 2023 22:43:44 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.at-bay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6GE1CM7X1S&cid=373839616.1690584225&gtm=45je37q0&aip=1&z=1397816138
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Jul 2023 22:43:44 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7089476.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f54b61a120e0240c98428d76beab031099f4f0379cbc623de071277255088fdc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Origin
https://www.at-bay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
x-amz-version-id
3rNMTio6eswfsQ6sgXOFNNmyULDAVi34
via
1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
fbd7165f-c87a-487d-a7d9-b33a02f258fd
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.380/bundles/project.js&cfRay=7ee0a48c8fe40497-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fbd7165f-c87a-487d-a7d9-b33a02f258fd
last-modified
Mon, 10 Jul 2023 09:43:19 UTC
server
cloudflare
etag
W/"85b7f9af32b27bd6cc93e80bfb2911df"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-h6thn
cf-ray
7ee0a48c8fe40497-FRA
x-amz-cf-id
ShzKVv9S1ykah7yOnPAD2WGD4k1leckOozQVI-L_kKUHi_8I0abREQ==
x-hs-target-asset
collected-forms-embed-js/static-1.380/bundles/project.js
banner.js
js.hs-banner.com/v2/7089476/
209 KB
64 KB
Script
General
Full URL
https://js.hs-banner.com/v2/7089476/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7089476.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aef8a92ba8fa004bbc5461d3bf01e6dabb2692e45e36a1b2eb1a7afb5f900763

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
x-amz-version-id
XgYr7P_ERyW6FpEQGM1MoN7n8W.uZgIV
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
VQZPAAXJ9WA8YARQ
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
cfc5e1cf-8e23-47e5-85af-f95eebe118d0
x-envoy-upstream-service-time
108
x-amz-id-2
P3p8Zd6k55YhmUod9WE6AYaX7VSYIq7kf3blo0rJ127KD7mdXdeInkj70KIQ79Gd2BpD78wCYKo=
x-evy-trace-listener
listener_https
x-request-id
cfc5e1cf-8e23-47e5-85af-f95eebe118d0
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 22 Jun 2023 16:54:46 GMT
server
cloudflare
etag
W/"3d3df54498292a7b187d8abecd14599d"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.at-bay.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7ee0a48c88504d9d-FRA
expires
Fri, 28 Jul 2023 22:48:45 GMT
7089476.js
js.hs-analytics.net/analytics/1690584000000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1690584000000/7089476.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7089476.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c9c597c0dafdb44a48a8cbe86800f54c1d14f902fded870ceaa8194e907b6e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
NZGXC2Q8QGEADT2B
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
3a999a55-7661-41ee-814b-94ce92ae5a59
x-envoy-upstream-service-time
24
x-amz-id-2
islwshPb6ez99SHjq78EPjyHRZ10kMfKBeJOvKugrvAbXMXNDYey0oZTptumOUgLmJy0lDuIPzM=
x-evy-trace-listener
listener_https
x-request-id
3a999a55-7661-41ee-814b-94ce92ae5a59
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 20 Jul 2023 16:09:01 GMT
server
cloudflare
etag
W/"509bbba65384eaa7b056fa2f55367b41"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
7ee0a48ccbae18af-FRA
expires
Fri, 28 Jul 2023 22:48:44 GMT
collect
www.google-analytics.com/j/
4 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1613208159&t=pageview&_s=1&dl=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&ul=en-us&de=UTF-8&dt=Page%20not%20found%20%7C%20At-Bay&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=128088619&gjid=1839081210&cid=373839616.1690584225&tid=UA-93045160-2&_gid=499738824.1690584225&_r=1&_slc=1&gtm=45He37q0n81KBT36BH&z=286677704
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 28 Jul 2023 22:43:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.at-bay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
148 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-93045160-2&cid=373839616.1690584225&jid=128088619&gjid=1839081210&_gid=499738824.1690584225&_u=YADAAEAAAAAAACAAI~&z=1192989274
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 28 Jul 2023 22:43:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.at-bay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
web
edge.fullstory.com/s/settings/Z4JDV/v1/
5 KB
2 KB
XHR
General
Full URL
https://edge.fullstory.com/s/settings/Z4JDV/v1/web
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
77d60f668f9bdbe839b0aac10bbb160a24828570a133a65fa828a0014ded2d4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:44 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ADPycdsWbEzbWGmOtfdaNmhz-lUIFEVpkFezvDJZAh_gQRVjC-DUhnTGJ_upi2lIQWKLqs3AG1MWyU06YhRQ1Np1FR_Db5BJ0cYn
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1435
last-modified
Fri, 28 Jul 2023 22:36:27 GMT
server
UploadServer
etag
"9526d63030878fc7b32201f28573160a"
x-goog-generation
1690477587476665
x-goog-hash
crc32c=gbf8Kw==, md5=lSbWMDCHj8ezIgHyhXMWCg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1435
accept-ranges
bytes
content-type
application/json
expires
Fri, 28 Jul 2023 22:58:44 GMT
json
forms.hscollectedforms.net/collected-forms/v1/config/
115 B
455 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=7089476&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef96cd7363670d869bce0e3f475a4f473016edf908dd8a9ba69ada8be35ef130
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
454b907d-2cfb-4760-bf76-a6c72f14c0c4
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
454b907d-2cfb-4760-bf76-a6c72f14c0c4
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.at-bay.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-ksc82
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
7ee0a48dc8fd0497-FRA
json
forms.hsforms.com/embed/v3/form/7089476/5c2da5e7-9f3a-4e01-a0fe-50f862a6144e/
2 KB
2 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/7089476/5c2da5e7-9f3a-4e01-a0fe-50f862a6144e/json?hs_static_app=forms-embed&hs_static_app_version=1.3479&X-HubSpot-Static-App-Info=forms-embed-1.3479
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js?ver=10.1.16
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72d69118a883237ffde5bbecc9392611da8dbb913e8e0568729622e3ef48d087
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Origin-Hublet
na1
Date
Fri, 28 Jul 2023 22:43:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
203a1b06-0149-4f90-9403-06f5595dbe8e
Transfer-Encoding
chunked
x-envoy-upstream-service-time
17
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
203a1b06-0149-4f90-9403-06f5595dbe8e
Server
cloudflare
X-Trace
2B88BCD01E460B8C46AE70B05B131DA9C02B29B5C0000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.at-bay.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
7ee0a48e3a402c5d-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-zlsgj
admin-ajax.php
www.at-bay.com/wp-admin/
100 B
523 B
XHR
General
Full URL
https://www.at-bay.com/wp-admin/admin-ajax.php?action=get_algolia_credentials
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/wp-content/themes/At-Bay/dist/app.js?id=c97a66ef955454ad77de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c048fc2c3bfd0d7997b0ac073a91a0aad3835c1bbaf7b6c9fa31dd1586fb8398
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires
Wed, 11 Jan 1984 05:00:00 GMT
strict-transport-security
max-age=300
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Jul 2023 22:43:45 GMT
via
1.1 varnish, 1.1 varnish
age
0
x-cache
MISS, MISS
x-pantheon-styx-hostname
styx-fe2-a-7b694cf97c-2rcnm
content-length
116
x-served-by
cache-chi-klot8100104-CHI, cache-bom4746-BOM
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1690584225.127906,VS0,VE439
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Cookie, Cookie
content-type
text/html; charset=UTF-8
x-styx-req-id
35961b05-2d98-11ee-aeaf-02174dc5f138
cache-control
no-cache, must-revalidate, max-age=0
accept-ranges
bytes
x-robots-tag
noindex
x-cache-hits
0, 0
page
rs.fullstory.com/rec/
5 KB
2 KB
XHR
General
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
3e87aaa4063a5f1559ac8cd553e9cdc2204b786b7315a8a800056b4be5202f70

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
content-encoding
gzip
via
1.1 google
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.at-bay.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1549
counters.gif
forms.hsforms.com/embed/v3/
35 B
625 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
7d2e1d40-1d56-48e4-b2b0-15f836857d35
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7d2e1d40-1d56-48e4-b2b0-15f836857d35
server
cloudflare
x-trace
2B572C5ADE1BBC090A3BF8996F2AEAD39FE2E109A7000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-jn5ls
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
7ee0a48f6d2237e6-FRA
counters.gif
forms.hsforms.com/embed/v3/
35 B
588 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
71c7ca95-2bb0-4d0b-8c67-df1f09b32ac2
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
71c7ca95-2bb0-4d0b-8c67-df1f09b32ac2
server
cloudflare
x-trace
2B0D764D9314D435710B75AF6C22C6E71854342E99000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-2ls4d
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
7ee0a48f6d2437e6-FRA
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.at-bay.com
URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Fri, 28 Jul 2023 22:43:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
d00b046f-f49e-4a44-bbb6-a5e89d970511
x-envoy-upstream-service-time
8
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d00b046f-f49e-4a44-bbb6-a5e89d970511
Server
cloudflare
X-Trace
2BCF2DF9E6112A4F95746BD3D386187EBA1F6022B4000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-9t4kl
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7ee0a48fae4f1c32-FRA
__ptq.gif
track.hubspot.com/
45 B
637 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=7089476&ct=standard-page&pu=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&t=Page+not+found+%7C+At-Bay&cts=1690584225696&vi=01a308d84ee84d0d7641466b77141f0d&nc=true&u=37034879.01a308d84ee84d0d7641466b77141f0d.1690584225694.1690584225694.1690584225694.1&b=37034879.1.1690584225694&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
2848e60a-73a7-420c-82dd-7ed9f011c725
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2848e60a-73a7-420c-82dd-7ed9f011c725
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVkptQLm3n9KCFHCvK5apsI0ybUs8yLEAIwx4zcXjABEvWMzqRkuBcs%2FQ6dYOMtcvNy6xIlWRqAtgOtL%2Frp8S4%2BkGt85oMkz3gRaDf%2Fqt8svr%2BooNG%2F5zewgV6eN32vanpISxtlCpydKv1aSGgFU"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-j9299
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7ee0a4930e480378-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
638 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=5c2da5e7-9f3a-4e01-a0fe-50f862a6144e&fci=ae5a8c0e-38cd-4193-b5f9-6e79fc20a859&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=7089476&ct=standard-page&pu=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&t=Page+not+found+%7C+At-Bay&cts=1690584225698&vi=01a308d84ee84d0d7641466b77141f0d&nc=true&u=37034879.01a308d84ee84d0d7641466b77141f0d.1690584225694.1690584225694.1690584225694.1&b=37034879.1.1690584225694&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e0b2dcfb-692f-4957-9b1d-7e8e9ef8f3b5
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
10
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e0b2dcfb-692f-4957-9b1d-7e8e9ef8f3b5
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fYMaBedQuh7BQQBetmWB3Vo3UqIQMMR8a7YnLMCC0T8rD%2FnUk09yGM2G9lzbk90jy6ruYtQ2KkG9SApZYFOuZaWWybkxK6QeYOEUjS3pVkRDHhhwkb%2FMkGIC4SL1wA4CqhbNKtWA9OzxkTM3rrMy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7ee0a4930e490378-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=5c2da5e7-9f3a-4e01-a0fe-50f862a6144e&fci=ae5a8c0e-38cd-4193-b5f9-6e79fc20a859&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=7089476&ct=standard-page&pu=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&t=Page+not+found+%7C+At-Bay&cts=1690584225699&vi=01a308d84ee84d0d7641466b77141f0d&nc=true&u=37034879.01a308d84ee84d0d7641466b77141f0d.1690584225694.1690584225694.1690584225694.1&b=37034879.1.1690584225694&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 22:43:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
6633f8f7-ce14-444c-bed0-f44644b38af9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6633f8f7-ce14-444c-bed0-f44644b38af9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIP9wyq%2BkLL7U3rNf%2FceIi3HcmVy7UoQPbtnkq8%2F5G3nBNB%2BdPDBioRVUo6BFJRSmJR32qMTDd52eZ%2Fd5LdEP0WRfGHlayam4zAIMrkisfKN7PRZCTo1c4ObAc7PxpoKT4pRoz1kSC1Gt0eAHLbT"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-8bmqp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7ee0a4930e4b0378-FRA
x-robots-tag
none
b26g4mkr
widget.intercom.io/widget/
7 KB
3 KB
Script
General
Full URL
https://widget.intercom.io/widget/b26g4mkr
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBT36BH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88de50a95d89b2d5a3071d51c6600e6a3090bc28c14c9f825530766589c36031

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id
3flL2gGyGgHi49OYAfFBC0tskZh3F_KO
content-encoding
gzip
via
1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
date
Fri, 28 Jul 2023 22:37:58 GMT
x-amz-cf-pop
FRA2-C1
age
356
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
2678
last-modified
Fri, 28 Jul 2023 10:58:39 GMT
server
AmazonS3
etag
"de98415faa568aada1add5eac8331110"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=900, s-maxage=900, public
accept-ranges
bytes
x-amz-cf-id
Vzy3g2JYKoURhjRU8O9hS1Fb8iXfDTQI4-vBe3-WCNAdqtFqZCAAaQ==
frame-modern.b07bff66.js
js.intercomcdn.com/ Frame B103
488 KB
136 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.b07bff66.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/b26g4mkr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
441fc005a8ccc2b1441c03f2afe6a270e0029f5bfcb76bcbf1abf02ee71cd623
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id
HflQBUaUZ14UJHOgzPo4DzoUmyhbqBaL
content-encoding
gzip
via
1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
date
Fri, 28 Jul 2023 20:58:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
6302
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
138706
last-modified
Fri, 28 Jul 2023 10:56:43 GMT
server
AmazonS3
etag
"8c04ab2c7dabe7cd8d56e8f194b9d01e"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
EySX4KqvfJEQk0h8veGWEaPz5QdsnofN0Ti3375lEQkvs5ykW07vvw==
vendor-modern.1aa7d2b2.js
js.intercomcdn.com/ Frame B103
249 KB
77 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.1aa7d2b2.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/b26g4mkr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0008529923f7a0efd07abd84185238b9d8b846b23b5896fa2ce4f7e27a92cc6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id
TtI9lx0u81JCvaPjfT2yJagj1xjXxgLz
content-encoding
gzip
via
1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
date
Fri, 28 Jul 2023 22:41:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
134
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
78242
last-modified
Wed, 26 Jul 2023 15:46:52 GMT
server
AmazonS3
etag
"075f5d390d7a374a029d01a72af67be2"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
pIeshyQqiQS1SRSco1so1vPMFJIgrJ_Xo-HvWFhWk9eDsPVJMRGbYA==
ping
api-iam.intercom.io/messenger/web/ Frame B103
7 KB
3 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.b07bff66.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.204.129.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-129-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7cb6215d0ca38b0791b92ec367359b4893c5d1cc43f10cd127d2fb3a2584ad26
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 28 Jul 2023 22:43:46 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-067c35631be04aa85
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000ahc2gpq3813ut5opg
x-runtime
0.297300
server
nginx
etag
W/"7cb6215d0ca38b0791b92ec367359b48"
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.at-bay.com
x-intercom-version
116c8449d3b82edb64c293160ac9fa3e81921158
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
v2
rs.fullstory.com/rec/bundle/
29 B
91 B
XHR
General
Full URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=Z4JDV&UserId=35b19ef3-e94a-445b-8698-84fcdea1d1e7&SessionId=7562d90d-64b8-40d7-baf8-f6d90edf456c&PageId=42aa8ec6-8c2f-412b-b305-dc1a66684c50&Seq=1&PageStart=1690584225179&PrevBundleTime=0&LastActivity=876&IsNewSession=true
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
a3e4a4616aaa1d8a30c50f08444e281311576467c5f5b436be09c7081ae58648

Request headers

Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.at-bay.com
date
Fri, 28 Jul 2023 22:43:46 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-6GE1CM7X1S&gtm=45je37q0&_p=1613208159&cid=373839616.1690584225&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=2&sid=1690584224&sct=1&seg=0&dl=https%3A%2F%2Fwww.at-bay.com%2Farticles%2Flikely-first-exploit-citrix-vulnerability%2F*%3A*%3Atext%3DOn*20November*208*2C*202022*2C*20Citrix%2CController*20(ADC)*20and*20Gateway&dt=Page%20not%20found%20%7C%20At-Bay&en=broker_in_platform&_et=3
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6GE1CM7X1S
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Jul 2023 22:43:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.at-bay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v2
rs.fullstory.com/rec/bundle/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
rs.fullstory.com
URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=Z4JDV&UserId=35b19ef3-e94a-445b-8698-84fcdea1d1e7&SessionId=7562d90d-64b8-40d7-baf8-f6d90edf456c&PageId=42aa8ec6-8c2f-412b-b305-dc1a66684c50&Seq=2&PageStart=1690584225179&PrevBundleTime=1690584226310&LastActivity=4858&IsNewSession=true

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| gsapVersions object| Linear object| Power0 object| Quad object| Power1 object| Cubic object| Power2 object| Quart object| Power3 object| Quint object| Power4 object| Strong object| Elastic object| Bounce object| Expo object| Circ object| Sine object| Back object| SteppedEase function| TweenLite function| TweenMax function| TimelineMax function| TimelineLite function| AttrPlugin function| EndArrayPlugin function| RoundPropsPlugin function| ModifiersPlugin function| SnapPlugin object| gsap object| CSSPlugin function| Observer function| ScrollTrigger object| cnArgs object| _hsq function| gtag object| dataLayer string| _linkedin_partner_id object| _linkedin_data_partner_ids function| hj object| _hjSettings object| hsFormsOnReady boolean| is_ie11 string| ajax_url string| greenhouse_board function| pdst object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| Foundation function| t object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| lintrk boolean| _already_called_lintrk object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| onYouTubeIframeAPIReady object| gaGlobal object| _hsp object| gaplugins object| gaData string| _fs_loaded function| _fs_shutdown object| __hsCollectedFormsDebug object| hubspot object| HubSpotForms object| hbspt object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_loaded boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| intercomSettings function| Intercom function| __intercomAssignLocation function| __intercomReloadLocation

28 Cookies

Domain/Path Name / Value
www.at-bay.com/ Name: __pdst
Value: 32c8c79753cc4a4bac04b56ff76dc5e3
.at-bay.com/ Name: _ga_6GE1CM7X1S
Value: GS1.1.1690584224.1.0.1690584224.60.0.0
www.at-bay.com/ Name: ln_or
Value: eyI0MTQwNTIiOiJkIn0%3D
.at-bay.com/ Name: _ga
Value: GA1.2.373839616.1690584225
.at-bay.com/ Name: _gid
Value: GA1.2.499738824.1690584225
.at-bay.com/ Name: _gat_UA-93045160-2
Value: 1
.at-bay.com/ Name: _hjSessionUser_3177477
Value: eyJpZCI6IjJmYTUwNTU1LTdlMWYtNTgyOC04NzcwLWFiOTdhMmVmODdjMSIsImNyZWF0ZWQiOjE2OTA1ODQyMjQ3MzUsImV4aXN0aW5nIjpmYWxzZX0=
.at-bay.com/ Name: _hjFirstSeen
Value: 1
.at-bay.com/ Name: _hjIncludedInSessionSample_3177477
Value: 0
.at-bay.com/ Name: _hjSession_3177477
Value: eyJpZCI6IjhjMTQzMWU0LWE2MzUtNDFiYS05ZWRlLTA4ZmU1ZDY1YjQ1NCIsImNyZWF0ZWQiOjE2OTA1ODQyMjQ3NDIsImluU2FtcGxlIjpmYWxzZX0=
.at-bay.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.linkedin.com/ Name: li_sugr
Value: 8ac3f45a-bfb3-4960-be03-79c982b70a07
.linkedin.com/ Name: bcookie
Value: "v=2&f1a4ccb0-117c-4b77-8559-0ef9604be57a"
.linkedin.com/ Name: lidc
Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2695:u=1:x=1:i=1690584224:t=1690670624:v=2:sig=AQHleosJEdKf2XGVgZhTNb4OSONj643D"
.linkedin.com/ Name: UserMatchHistory
Value: AQJw53glwsx2WwAAAYmerBSj0zul52O6QfCrZgJYU5feAqhljBVQriStygE4dmlHuciayil6--uKsQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKjz7gGNVz0uQAAAYmerBSjgltqJlbXs8v_tNjDb7zVVxaiiC0HF7yuwxBtHxhQAYa1z936I1SgMUkTvQa1Jg
.at-bay.com/ Name: fs_lua
Value: 1.1690584225178
.at-bay.com/ Name: fs_uid
Value: #Z4JDV#35b19ef3-e94a-445b-8698-84fcdea1d1e7:7562d90d-64b8-40d7-baf8-f6d90edf456c:1690584225178::1#/1722120224
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230728224345f6362adb-7580-4685-8a4d-91cf5b42fd09AQHQER6Wdylf0PZklejZJap8EfEzCF0x"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTA1ODQyMjU7MjswMjEzZDoj9mEqRyV+cgMq3g35Ff1Xv/8vRPV/N4p65IjH/g==
.at-bay.com/ Name: __hstc
Value: 37034879.01a308d84ee84d0d7641466b77141f0d.1690584225694.1690584225694.1690584225694.1
.at-bay.com/ Name: hubspotutk
Value: 01a308d84ee84d0d7641466b77141f0d
.at-bay.com/ Name: __hssrc
Value: 1
.at-bay.com/ Name: __hssc
Value: 37034879.1.1690584225694
.hubspot.com/ Name: __cf_bm
Value: sZhswOUBXv.hqSqelpjBKmJWy1A637h_k2zMA9CUHAE-1690584225-0-AUZp6fjbpM7jo0a1XC1Wbya/RQJ5yl+8M4lzDfGd/eW58/1OZOByJ/Zo8kWhlmnlBiexPkl3uJoe7NOI+S4pVqM=
.at-bay.com/ Name: intercom-id-b26g4mkr
Value: 35b465a2-37e0-47d4-a4a4-e07a066391ab
.at-bay.com/ Name: intercom-session-b26g4mkr
Value:
.at-bay.com/ Name: intercom-device-id-b26g4mkr
Value: 7a6d99e0-bc78-4e44-a862-f490e8a3b121

1 Console Messages

Source Level URL
Text
network error URL: https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/*:*:text=On*20November*208*2C*202022*2C*20Citrix,Controller*20(ADC)*20and*20Gateway
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
