www.rapid7.com Open in urlscan Pro
13.32.27.31 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY=
Effective URL:
https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vu...
Submission: On January 19 via api (January 19th 2023, 7:35:51 pm UTC) from US — Scanned from DE

Summary HTTP 66 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 10 domains to perform 66 HTTP transactions. The main IP is 13.32.27.31, located in United States and belongs to AMAZON-02, US. The main domain is www.rapid7.com. The Cisco Umbrella rank of the primary domain is 122777.
TLS certificate: Issued by Amazon on March 31st 2022. Valid for: a year.

This is the only time www.rapid7.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	13.32.27.31 13.32.27.31	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:aa24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:400d:802::200a	15169 (GOOGLE) (GOOGLE)
2	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:dc:... 2a02:26f0:dc:38e::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	13.32.121.30 13.32.121.30	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
8	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1b55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	54.157.78.203 54.157.78.203	14618 (AMAZON-AES) (AMAZON-AES)
66	17

1 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.rapid7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 13.32.27.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-31.fra56.r.cloudfront.net

www.rapid7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:aa24 (United States)

ASN13335 (CLOUDFLARENET, US)

opt.rapid7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:802::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

information.rapid7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.92.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-sj20.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:dc:38e::13b8 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-30.fra60.r.cloudfront.net

blog.rapid7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1b55 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.157.78.203 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-157-78-203.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	rapid7.com info.rapid7.com — Cisco Umbrella Rank: 278703 www.rapid7.com — Cisco Umbrella Rank: 122777 opt.rapid7.com — Cisco Umbrella Rank: 696919 information.rapid7.com — Cisco Umbrella Rank: 265745 blog.rapid7.com — Cisco Umbrella Rank: 560209	628 KB
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 381	121 KB
6	marketo.com app-sj20.marketo.com — Cisco Umbrella Rank: 246793	144 KB
5	gstatic.com fonts.gstatic.com	90 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 22 region1.google-analytics.com — Cisco Umbrella Rank: 2439	21 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	3 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	177 KB
2	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 737 logx.optimizely.com — Cisco Umbrella Rank: 1274	81 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	35 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 619	313 B
66	10

	Domain	Requested by
28	www.rapid7.com	info.rapid7.com www.rapid7.com
8	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
6	app-sj20.marketo.com	www.rapid7.com information.rapid7.com app-sj20.marketo.com
5	fonts.gstatic.com	fonts.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com
3	fonts.googleapis.com	www.rapid7.com client
2	www.googletagmanager.com	www.rapid7.com www.googletagmanager.com
2	cdnjs.cloudflare.com	www.rapid7.com
2	information.rapid7.com	www.rapid7.com
1	logx.optimizely.com	cdn.optimizely.com
1	region1.google-analytics.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	blog.rapid7.com	www.rapid7.com
1	cdn.optimizely.com	opt.rapid7.com
1	opt.rapid7.com	www.rapid7.com
1	info.rapid7.com
66	16

This site contains links to these domains. Also see Links.

Domain
docs.rapid7.com
extensions.rapid7.com
careers.rapid7.com
insight.rapid7.com
www.linkedin.com
twitter.com
www.facebook.com
nvd.nist.gov
www.manageengine.com
www.horizon3.ai
investors.rapid7.com
blog.rapid7.com
support.rapid7.com
www.instagram.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
info.rapid7.com Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
rapid7.com Amazon	`2022-03-31` - `2023-04-29`	a year	crt.sh
opt.rapid7.com Cloudflare Inc ECC CA-3	`2022-10-26` - `2023-10-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
information.rapid7.com Cloudflare Inc ECC CA-3	`2022-05-21` - `2023-05-21`	a year	crt.sh
app-sj20.marketo.com Cloudflare Inc ECC CA-3	`2022-05-02` - `2023-05-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-30` - `2023-10-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
blog.rapid7.com Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
logx.optimizely.com Amazon	`2022-07-24` - `2023-08-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
Frame ID: 7648240FB04A8C1ED19EB9FE46ECC553
Requests: 65 HTTP requests in this frame

Frame: https://app-sj20.marketo.com/index.php/form/XDFrame
Frame ID: 3C850D80F5F3E4C693F5CBA34333EAD4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 BlogBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55... Page URL
https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-crit... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

66
Requests

100 %
HTTPS

63 %
IPv6

10
Domains

16
Subdomains

17
IPs

5
Countries

1301 kB
Transfer

3826 kB
Size

9
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.rapid7.com/
Title: Product DocumentationEXPLORE PRODUCT GUIDES

Search URL Search Domain Scan URL

URL: https://docs.rapid7.com/release-notes/
Title: Release NotesDISCOVER THE LATEST PRODUCT UPDATES

Search URL Search Domain Scan URL

URL: https://extensions.rapid7.com/
Title: Extensions LibraryPLUGINS, INTEGRATIONS & DEVELOPER COMMUNITY

Search URL Search Domain Scan URL

URL: https://careers.rapid7.com/
Title: CareersJOIN RAPID7

Search URL Search Domain Scan URL

URL: https://insight.rapid7.com/saml/SSO
Title: Sign In

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/&title=CVE-2022-47966%3a+Rapid7+Observed+Exploitation+of+Critical+ManageEngine+Vulnerability&summary=Rapid7+is+responding+to+various+compromises+arising+from+the+exploitation+of+CVE-2022-47966%2c+a+vulnerability+impacting+at+least+24+ManageEngine+products.

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=CVE-2022-47966%3a+Rapid7+Observed+Exploitation+of+Critical+ManageEngine+Vulnerability&url=https%3a%2f%2fwww.rapid7.com%2fblog%2fpost%2f2023%2f01%2f19%2fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2f

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-47966
Title: CVE-2022-47966

Search URL Search Domain Scan URL

URL: https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
Title: ManageEngine’s advisory

Search URL Search Domain Scan URL

URL: https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Title: technical information

Search URL Search Domain Scan URL

URL: https://investors.rapid7.com/
Title: Investors

Search URL Search Domain Scan URL

URL: https://blog.rapid7.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://support.rapid7.com/
Title: Support Login

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/39624

Search URL Search Domain Scan URL

URL: https://twitter.com/Rapid7

Search URL Search Domain Scan URL

URL: https://www.facebook.com/rapid7

Search URL Search Domain Scan URL

URL: https://www.instagram.com/rapid7/

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY= Page URL
https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

66 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 302 NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY=
info.rapid7.com/ 692 B
1 KB 244ms
208ms Document
text/html 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-4MDDFrkf+rgv9KYeeXTWLAFyTEp+VPBkMwiCEOgfu48=';object-src 'none';form-action:'none';frame-src:'none'
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 78c203e90ded9247-FRA
content-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-4MDDFrkf+rgv9KYeeXTWLAFyTEp+VPBkMwiCEOgfu48=';object-src 'none';form-action:'none';frame-src:'none'
content-type: text/html;charset=UTF-8
date: Thu, 19 Jan 2023 19:35:44 GMT
referrer-policy: strict-origin
server: cloudflare
x-frame-options: SAMEORIGIN
x-request-id: d83a739562d26a81

GET
H2 200 Primary Request / Show response
www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/ 80 KB
15 KB 437ms
416ms Document
text/html 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM

Requested by

Host: info.rapid7.com
URL: https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

6803a69d6333e662f1b5d0eb846474f7b5e2da0f55cba3f49a771454df4e169d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://info.rapid7.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://*.rapid7.com
content-type: text/html; charset=utf-8
date: Thu, 19 Jan 2023 19:35:38 GMT
vary: Accept-Encoding
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-id: U-C21u8TlkkGQJ0ZcluohUM-GcdIB3a4_ngHxRCykLvuUK3ZyCOs5Q==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 21485331595 Show response
opt.rapid7.com/edge-client/v1/13222550/ 40 KB
12 KB 288ms
242ms Script
application/javascript 2606:4700::6811:aa24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://opt.rapid7.com/edge-client/v1/13222550/21485331595
Requested by: Host: www.rapid7.com
URL: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 456e7aee27d3381e0dcbf3e3cf9bbe5dfb5f32256bb9e809a3a4ec1e65233971

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
cf-ray: 78c203ed686e9baa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 all.min.css
www.rapid7.com/includes/css/ 539 KB
80 KB 11ms
9ms Stylesheet
text/css 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

cd717dd9d5a5d73739cd5d6e54b0d7ee44dfb25883185a093e2cb0125932cd82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:34:57 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 39
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:53:39 GMT
etag: W/"80a32466f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
x-amz-cf-id: jkhlGPgiMnmn0wBzjLAkDRXLmBBnB6lbh3G_7fbBkEFBbs7JsxcTlA==

GET
H2 200 page.blog-resources.min.css
www.rapid7.com/includes/css/bundles/pages/ 2 KB
1 KB 19ms
17ms Stylesheet
text/css 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/css/bundles/pages/page.blog-resources.min.css?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

f31f95b6ce0501b9a05b665feb675c0467d33d0852488f153d5de47efcd83d6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:19 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 21
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:56:16 GMT
etag: W/"0f0b8c3f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
x-amz-cf-id: ZLEcvhVuESyTlqck0jwZ5kv9XPo1X4JIWOIvhTMXKcOEVw_RMX3JLw==

GET
H2 200 block.blog-featured-posts.min.css
www.rapid7.com/includes/css/bundles/blocks/ 2 KB
1 KB 19ms
17ms Stylesheet
text/css 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/css/bundles/blocks/block.blog-featured-posts.min.css?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

a7118b1c3df79ef6d6c6f8eed16ae758675a9cb16fd9ac3b7270d04c810045d3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:19 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 21
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:51:29 GMT
etag: W/"8036a818f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
x-amz-cf-id: IoXQJDcPBftKcztIR1a61caK-2dzVGkDkGkuLOpJc4WCL3Xxflbn7Q==

GET
H2 200 block.blog-single-post.min.css
www.rapid7.com/includes/css/bundles/blocks/ 5 KB
2 KB 20ms
18ms Stylesheet
text/css 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

5be5057e6371687abdb32f98bd3ad885f4cd902f96d3e06ce535fc89e4bf93cb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 19 Jan 2023 19:35:26 GMT
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:53:40 GMT
etag: W/"03abd66f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache
x-amz-cf-id: xmABlS2jEGHkXg3KcYiXWrHZtwoZP5oCJepDZyUOWdnCvkmSSGKUaw==

GET
H2 200 block.blog-related-posts.min.css
www.rapid7.com/includes/css/bundles/blocks/ 842 B
1 KB 25ms
23ms Stylesheet
text/css 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/css/bundles/blocks/block.blog-related-posts.min.css?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

294c17e49ff26854bf356a06846376df6bb10f56f5f88dc0ef1502a07bac276d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:26 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 842
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:51:29 GMT
etag: "8036a818f625d91:0"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: ie6Lre4r88gw7tcNmS80JOepAkDEIP1ALA7jCsMtPpcFrDdPEODNoQ==

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 187ms
70ms Stylesheet
text/css 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Mulish:wght@800;900&family=Roboto:wght@300;400;700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

81a424f3375227e729792a91aa78f4832542c5e1aaba1d07a667e8562f38cdb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 19:35:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Jan 2023 19:35:45 GMT

GET
H2 200 jquery.min.js Show response
www.rapid7.com/includes/js/ 83 KB
30 KB 20ms
19ms Script
application/javascript 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/js/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

26896559e0cc85fb441792c86279304693546375f1144040e46cd910362b8e43

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:05 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 34
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:51:30 GMT
etag: W/"0cd4019f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
x-amz-cf-id: fiS1J0p-7zuHkk0k_C7axvDjj1xKD9GmPCUIwXdLgy9hh2Uko-OOMQ==

GET
H2 200 populateCountryState.js Show response
www.rapid7.com/includes/js/ 5 KB
2 KB 24ms
22ms Script
application/javascript 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/js/populateCountryState.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

86f70df17d2db50839e6ffd22a3a1cbe152db714041146f8129edf72f7f78103

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:06 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 34
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:56:17 GMT
etag: W/"808651c4f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
x-amz-cf-id: 9xWO2gM1milI9ihWCO1JtbcPlwi6HbnyGtj9Sq_-VmyFfxQQmdsD0Q==

GET
H2 200 forms2.min.js Show response
information.rapid7.com/js/forms2/js/ 208 KB
69 KB 71ms
36ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://information.rapid7.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
age: 2323
etag: "ee037b-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 78c203ed5bc38ff8-FRA
expires: Thu, 19 Jan 2023 23:35:45 GMT

GET
H2 200 forms2.min.js Show response
app-sj20.marketo.com/js/forms2/js/ 208 KB
69 KB 169ms
27ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj20.marketo.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
cf-cache-status: HIT
age: 3345
etag: "ee037b-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78c203ee0f4b2c51-FRA
expires: Thu, 19 Jan 2023 23:35:45 GMT

GET
H2 200 a11y-dark.min.css
cdnjs.cloudflare.com/ajax/libs/highlight.js/11.3.1/styles/ 1 KB
1 KB 42ms
21ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.3.1/styles/a11y-dark.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb30e0c12d8ad8be9c0c517226ba4ffa88802ce495dada60b6f7494075a8a133

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1114826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 419
last-modified: Sun, 17 Oct 2021 22:37:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "616ca58e-1a3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pq%2BZv30yuYWBMwLGoCm3IovWL4cyJRqbcEaWwOTFS8WTjQDJAb5bpHN%2B5IWsgckA5C1mkCZNfDnjosXzLuVJOKCCyiHYSqI%2FT7e99jUKV6WqLA2lCVeaBD61cWFplQsDg8kv2c0S8IcKw3FuYj8Ewkew"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78c203ed4baf9968-FRA
expires: Tue, 09 Jan 2024 19:35:45 GMT

GET
H2 200 Rapid7_logo.svg
www.rapid7.com/Areas/Docs/includes/img/r7-nav/ 1 KB
1 KB 160ms
159ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

c65ffa9b8e350747e5dec76cbf16729482008fa1b57be07c53d3c509bebcfadd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Jan 2023 19:53:38 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
etag: W/"0d8c65f625d91:0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cache: Miss from cloudfront
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: ThZ3WrbD9E094Sazd1Ep1_dTpezw5bVGZJ9B22LxrgFmM34r5Icz9Q==
x-xss-protection: 1; mode=block

GET
H2 200 icon-lock.svg
www.rapid7.com/Areas/Docs/includes/img/r7-nav/ 1 KB
1017 B 161ms
160ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/Areas/Docs/includes/img/r7-nav/icon-lock.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

9904ff6810e17c1ffc108bf92dbee7f8a6318d0c8c58c1d70555d0a3945fb9da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Jan 2023 19:56:13 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
etag: W/"802cefc1f625d91:0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cache: Miss from cloudfront
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: -883-TF7zItqkHJHFaXjtW20lCbacuznBH-25o4pLNl-eRtg5o7L-Q==
x-xss-protection: 1; mode=block

GET
H2 200 Rapid7_logo-short.svg
www.rapid7.com/Areas/Docs/includes/img/r7-nav/ 497 B
934 B 161ms
160ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/Areas/Docs/includes/img/r7-nav/Rapid7_logo-short.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

ac2a270e60c15fdaaf9957f52bab00aaefd32ac7782a62b141c66c2ce3f6369c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Jan 2023 19:51:27 GMT
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: "8097717f625d91:0"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
content-length: 497
x-xss-protection: 1; mode=block
x-amz-cf-id: 45y4H339wBGAeLS8riTk9aUkHcgKLglK8X-dGEBbrb5Cl7HTcGnvew==

GET
H2 200 rapid7-officialpartner-darkbg.png
www.rapid7.com/includes/img/ 23 KB
23 KB 10ms
8ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/rapid7-officialpartner-darkbg.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

4b64da5850f448c54ac8e031f5addfadc209e259ce5a2d712401f7e4a7bdc30f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:14 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 24
x-cache: Hit from cloudfront
content-length: 23084
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: YrPZbgir8i4ICR9n76L-HvpgYQHCdX9avANgCMyuvwxkSM3E0IFlAQ==

GET
H2 200 logo-black.png
www.rapid7.com/includes/img/ 1 KB
2 KB 10ms
9ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/logo-black.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

b3ba97f3a045ed917586356f411193b4548d91593729bcd31dccac1aa71f2b24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:15 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 24
x-cache: Hit from cloudfront
content-length: 1519
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: odH8mOC_eCuEj3zh8Az9LxfI_jiQ4Hd-kc6Ht1dk1QiWzCa-Y5va3A==

GET
H2 200 all.min.js Show response
www.rapid7.com/includes/js/ 303 KB
73 KB 8ms
8ms Script
application/javascript 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/js/all.min.js?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

f8b2f8bd2335fc60b88dbb49f790bd03b324252b7d9b2bf37465c452b56576b3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:05 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 33
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: W/"0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
x-amz-cf-id: vBEIbbvaZK2YOlhSZSKFeB4lOoQ7BM4RNCGucIf0H5VaDrEtBOdrCQ==

GET
H2 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/11.3.1/ 111 KB
33 KB 33ms
32ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.3.1/highlight.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0028ae9273d2cecde304fb39566c6cf4b39fa897bbe4b7d2ea5ee944d8f0b079

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 149619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33913
last-modified: Sun, 17 Oct 2021 22:37:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "616ca58e-8479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebw53cbs3luwLa4IkGtsBoFcO76DEhtuWWSfmQW2O0FnRg%2Bm4PCTU%2BP1emihXwElZooikORQ5VQmioBwGdxp0zYyYOlq5HMaX416081Bm5uMmtXjpOd7lPoDduXNkTTvE2aIObvFwZJ8kF6zvrmhq1xD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78c203ee6e269968-FRA
expires: Tue, 09 Jan 2024 19:35:45 GMT

GET
H2 200 vidyard.min.js Show response
www.rapid7.com/includes/js/bundles/shared/ 283 B
731 B 12ms
10ms Script
application/javascript 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/js/bundles/shared/vidyard.min.js?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

42654a13059f95ad356ca471088bae32122ac69cc9b99b1323a1425ba93866c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:19 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 283
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:56:17 GMT
etag: "808651c4f625d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: lo82Lcaj6xZVauFk6zh05Pre7iqo79BaRky88atLpzdzpQFP76lj8Q==

GET
H2 200 block.blog-tags-list.min.js Show response
www.rapid7.com/includes/js/bundles/blocks/ 874 B
1 KB 11ms
10ms Script
application/javascript 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/includes/js/bundles/blocks/block.blog-tags-list.min.js?cb=1673465352799

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

bf9940f385a564a9a4e67db71d622653fc438a66fe4d66bcaff47a6d52933777

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:26 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 874
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: Wd6wZggVt63cpEWViQm4wPKmjz60ST3a1An3pgP5xqubC6WrdtJQ-A==

GET
H2 200 281_a83d0b9d581dbee887069019dd457f2a7ffb21dd1f86fd4d570394fb3f0de774_tracking.js Show response
cdn.optimizely.com/public/13222550/21485331595/ 260 KB
81 KB 59ms
19ms Script
text/javascript 2a02:26f0:dc:38e::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/public/13222550/21485331595/281_a83d0b9d581dbee887069019dd457f2a7ffb21dd1f86fd4d570394fb3f0de774_tracking.js

Requested by

Host: opt.rapid7.com
URL: https://opt.rapid7.com/edge-client/v1/13222550/21485331595

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:38e::13b8 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a83d0b9d581dbee887069019dd457f2a7ffb21dd1f86fd4d570394fb3f0de774

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: dSS.WAii8SO63LhgxHYcNzg0ah3DimDM
content-encoding: gzip
date: Thu, 19 Jan 2023 19:35:45 GMT
strict-transport-security: max-age=15768000
x-amz-request-id: 4FP5NHJDQE5AJ6ZN
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 281
x-amz-replication-status: COMPLETED
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="16";dur=0,cdnip;desc="2a02:26f0:dc:38e::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
content-length: 81846
x-amz-id-2: DNUDzPuKHcIyoVGP3mRviGMYVwC2eor5vZ2JqY8c0nsvrpR6AL023YQ/XKaZWRK0F36mgGT1xFY=
last-modified: Thu, 19 Jan 2023 14:06:17 GMT
server: AmazonS3
etag: "303749b30b331242e42092226702db8b"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: x-amz-meta-revision
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 css2
fonts.googleapis.com/ 26 KB
1 KB 72ms
71ms Stylesheet
text/css 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

225d9fb81546e49253d0aa3f96b49051bf626c5bcd3ef06ffe9b025822343e2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 19:28:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Jan 2023 19:35:45 GMT

GET
H2 200 css2
fonts.googleapis.com/ 13 KB
924 B 70ms
70ms Stylesheet
text/css 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8c44af787f51e875d3ecc44f5bb1989fce5aeeaa1a48cc0851aec4344b5e6d73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 18:04:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Jan 2023 19:35:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 381 KB
103 KB 124ms
44ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WBTPTVC

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0314e3d380921e9abdb4c8700519e1803ea20ccb909a9718f3da456e4522c0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105391
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 18:50:35 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 Jan 2023 19:35:45 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 165ms
85ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:42:15 GMT
x-content-type-options: nosniff
age: 604410
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 19:42:15 GMT

GET
H2 200 getForm Show response
app-sj20.marketo.com/index.php/form/ 6 KB
2 KB 38ms
38ms Script
application/javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-sj20.marketo.com/index.php/form/getForm?munchkinId=411-NAK-970&form=4144&url=https%3A%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F&callback=jQuery112405212949664551605_1674156945840&_=1674156945841
Requested by: Host: information.rapid7.com
URL: https://information.rapid7.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e4a99ae8469afab431f2452d73429d3fd173fa45d74e02e5ee48c2aafc032f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:45 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 78c203efba6c2c51-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 arrow-dropdown.svg
www.rapid7.com/Areas/Docs/includes/img/r7-nav/ 459 B
898 B 159ms
159ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/Areas/Docs/includes/img/r7-nav/arrow-dropdown.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

a8aa8c94d42d57cd377de305aed2169249f6f6bd2fd31b5f1d2671cc1502a1d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Jan 2023 19:56:13 GMT
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: "802cefc1f625d91:0"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
content-length: 459
x-xss-protection: 1; mode=block
x-amz-cf-id: nQorGFPSJ5VSCa6jolJi5XMKMaEjyYmZTUYsNVLqOkgoDK4LweuQEQ==

GET
H2 200 linkedin-mini.png
www.rapid7.com/includes/img/blog/ 817 B
1 KB 11ms
10ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/blog/linkedin-mini.png

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

44fc485dc1ebae37e5b965b0295dd07e645a2a4065a68b1c2416d0911ac92007

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:26 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 817
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:56:16 GMT
etag: "0f0b8c3f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: _SsYqbeL211isBArT4onQX29T4qPz0GH9wLVBb9CceS2kl0JMRq13A==

GET
H2 200 twitter-mini.png
www.rapid7.com/includes/img/blog/ 839 B
1 KB 11ms
10ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/blog/twitter-mini.png

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

3a50103004f1b8789103e6f8ba96dd51f2c071a2b7a71dcc1f33f9c8de33382f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:18 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 839
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: PUN6q40HS4wIw7c_2drMhwxH9HkgsaycRM8GQomFwprtySGpRjLcuQ==

GET
H2 200 facebook-mini.png
www.rapid7.com/includes/img/blog/ 773 B
1 KB 10ms
10ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/blog/facebook-mini.png

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

652667975f4e5bc9b68363e77211b87c5739566baed70c21fe835d7969995478

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/bundles/blocks/block.blog-single-post.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:19 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 21
x-cache: Hit from cloudfront
content-length: 773
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:51:30 GMT
etag: "0cd4019f625d91:0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: oE8DmJkijD5SInLqB17ZbmErHNgSvOJf3zdBN4ixrMhmpDAjabyGNA==

GET
H2 200 search-gray.png
www.rapid7.com/includes/img/ 533 B
981 B 9ms
8ms Image
image/png 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/search-gray.png

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

4b20b79d8999b2516d971378ec1b7a3bb36108838a22d3c6f2e1d9a47dbe7f08

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:26 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 23
x-cache: Hit from cloudfront
content-length: 533
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: UIavfHlwn9qcFLz5IQ-cUvTtVLu3md4U-y2ftM1rRejqy3GnxNArJg==

GET
H2 200 response.svg
www.rapid7.com/includes/img/ 558 B
992 B 9ms
9ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/response.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

7e4db0925a0f8500f77e268985894d2a77a600786d4c6eb0b8cd84781cb05743

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:16 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 23
x-cache: Hit from cloudfront
content-length: 558
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: LYOSOFwZML2PJU36_T6bQyA0trlwAPkyg0g42daQWh-UP0vHAlSX2w==

GET
H2 200 linkedin-light.svg
www.rapid7.com/includes/img/ 514 B
948 B 11ms
10ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/linkedin-light.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

2dd8e940e47cb067ab22aadfe8ccc4f744ddd724bfac7f058915413ae8974909

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:16 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 23
x-cache: Hit from cloudfront
content-length: 514
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:49:14 GMT
etag: "0d930c8f525d91:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: aPAeCZaFNbp_IpHCQXeKFJJLJnRhY9Cs02jTmPW7Cc8xKzwcfNhS8w==

GET
H2 200 twitter-light.svg
www.rapid7.com/includes/img/ 662 B
1 KB 9ms
8ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/twitter-light.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

a1e5e79263b670b9f325e1b03db57992cc05c556289f2ea31b9393f265364263

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:26 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 23
x-cache: Hit from cloudfront
content-length: 662
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:53:41 GMT
etag: "80d05567f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: sLR2zNh7SSNpOySFXf3QN6fRMmQhbllXToBweplp_kSFVFICzaTBkQ==

GET
H2 200 facebook-light.svg
www.rapid7.com/includes/img/ 323 B
757 B 10ms
9ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/facebook-light.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

8f0a8aeb7295594ad2a432cb24687f3bc9eef6837443f73a5aa7aeea7417e268

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:13 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 23
x-cache: Hit from cloudfront
content-length: 323
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:53:40 GMT
etag: "03abd66f625d91:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: no-cache
accept-ranges: bytes
x-amz-cf-id: nY5ULHJtzPu-tH2yofclKLYcUV1kQ2kVtkpGPuCO6jsld0suYTACqQ==

GET
H2 200 instagram-light.svg
www.rapid7.com/includes/img/ 1 KB
985 B 10ms
10ms Image
image/svg+xml 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rapid7.com/includes/img/instagram-light.svg

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

7d7f64f89927a0c843f4ae2f589c776643aa23ead9ce829bb39c8f3a40d4955d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:13 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: FRA56-C2
age: 22
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Jan 2023 19:53:40 GMT
etag: W/"03abd66f625d91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-cache
x-amz-cf-id: 9A2D9HUL_mPcZ1JUDIoAV0rseAjEOmmfiQBgr0U0iZSVamcA-FKS1w==

GET
H2 200 1Ptvg83HX_SGhgqk3wot.woff2
fonts.gstatic.com/s/mulish/v12/ 27 KB
27 KB 83ms
38ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/mulish/v12/1Ptvg83HX_SGhgqk3wot.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8da72dacca3725d500bc789e5f506c76367804eecc46c4249ce0ff822d7a147e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 12:50:21 GMT
x-content-type-options: nosniff
age: 24324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27428
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Jan 2024 12:50:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 156ms
111ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 16:44:52 GMT
x-content-type-options: nosniff
age: 269453
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 16:44:52 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 141ms
97ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 03:39:12 GMT
x-content-type-options: nosniff
age: 57393
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15752
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 Jan 2024 03:39:12 GMT

GET
H2 200 rapid7-icon-font.woff2
www.rapid7.com/Areas/Docs/includes/plugins/rapid7-icon-font/fonts/ 70 KB
71 KB 311ms
310ms Font
application/font-woff 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/Areas/Docs/includes/plugins/rapid7-icon-font/fonts/rapid7-icon-font.woff2

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

04c1c1767e4e114200209ffb70e66b744ddbf113566215117e23cfb600070a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.rapid7.com/includes/css/all.min.css?cb=1673465352799
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:40 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Jan 2023 19:51:27 GMT
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: "8097717f625d91:0"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: application/font-woff
cache-control: no-cache
accept-ranges: bytes
content-length: 72104
x-xss-protection: 1; mode=block
x-amz-cf-id: FVud9C2S8_lIquvzvyh09yJLyNdbHTZrHdmglRFj_P15jh9fkCU2Jg==

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 117ms
74ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rapid7.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 14 Jan 2023 09:07:05 GMT
x-content-type-options: nosniff
age: 469720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jan 2024 09:07:05 GMT

GET
H/1.1 200
OK GettyImages-1352385622.jpg
blog.rapid7.com/content/images/2023/01/ 142 KB
142 KB 260ms
9ms Image
image/jpeg 13.32.121.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.rapid7.com/content/images/2023/01/GettyImages-1352385622.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-30.fra60.r.cloudfront.net

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

7af13bd0026dd2db67724d97879d3451237119fb4b9e7dbfa7de50bfe4c2a312

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.rapid7.com
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' https://www.rapid7.com
Date: Thu, 19 Jan 2023 19:35:26 GMT
Via: 1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P1
Age: 143
X-Powered-By: Express
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 145137
Last-Modified: Thu, 19 Jan 2023 17:15:21 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"236f1-185cb072653"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Amz-Cf-Id: CJ5_IehP8XdqYz7tRIiX1YtydVXioS0kz84_ncJsUAJ9XowlwvznUg==

GET
H2 200 forms2.min.js Show response
information.rapid7.com/js/forms2/js/ 208 KB
69 KB 202ms
202ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://information.rapid7.com/js/forms2/js/forms2.min.js?_=1674156945834

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/js/jquery.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
etag: "d603f4-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
accept-ranges: bytes
cf-ray: 78c203f03f9e8ff8-FRA

GET
H2 200 forms2.css
app-sj20.marketo.com/js/forms2/css/ 13 KB
3 KB 41ms
40ms Stylesheet
text/css 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj20.marketo.com/js/forms2/css/forms2.css

Requested by

Host: information.rapid7.com
URL: https://information.rapid7.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 5883
content-length: 2623
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
etag: "ee0377-3437-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 78c203f0bc392c51-FRA
expires: Thu, 19 Jan 2023 23:35:46 GMT

GET
H2 200 forms2-theme-simple.css
app-sj20.marketo.com/js/forms2/css/ 826 B
391 B 22ms
22ms Stylesheet
text/css 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj20.marketo.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: information.rapid7.com
URL: https://information.rapid7.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 5103
content-length: 242
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
etag: "d603ed-33a-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 78c203f0bc3a2c51-FRA
expires: Thu, 19 Jan 2023 23:35:46 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 164ms
48ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBTPTVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 19 Jan 2023 18:21:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4436
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20085
expires: Thu, 19 Jan 2023 20:21:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 214 KB
74 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XVK5E64NXZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBTPTVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e5c4e44c5f2f262e905437e5763c228415cfbb0ee6e26f52c00099d7a3ef5a32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75191
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 19 Jan 2023 19:35:46 GMT

GET
H2 200 XDFrame Show response
app-sj20.marketo.com/index.php/form/ Frame 3C85 2 KB
869 B 196ms
195ms Document
text/html 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj20.marketo.com/index.php/form/XDFrame

Requested by

Host: information.rapid7.com
URL: https://information.rapid7.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c89a8bee77d21587af1a9e0dcd26a779b62436084eaf136c354ff1bf39f2c280

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.rapid7.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 78c203f1ee1c2c51-FRA
content-encoding: gzip
content-length: 651
content-type: text/html; charset=utf-8
date: Thu, 19 Jan 2023 19:35:46 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 24 KB
8 KB 50ms
19ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBTPTVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: WdCEPqU1pnnoNr/cT9hHyQ==
age: 86225
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8053
x-ms-lease-status: unlocked
last-modified: Tue, 17 Jan 2023 03:30:41 GMT
server: cloudflare
etag: 0x8DAF83B35FDC216
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 433f0463-a01e-017d-61d1-2a027b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f21fc4bbce-FRA

GET
H2 200 1b23d21a-86ff-483a-b234-d5d6ecbb43e7.json Show response
cdn.cookielaw.org/consent/1b23d21a-86ff-483a-b234-d5d6ecbb43e7/ 4 KB
2 KB 38ms
20ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1b23d21a-86ff-483a-b234-d5d6ecbb43e7/1b23d21a-86ff-483a-b234-d5d6ecbb43e7.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

700665df57e01f89193195cb47ccacbb5a9407a98b547896226343049affaa93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 8ntPSI34M+ZqCJs7D+pMQg==
age: 43677
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1563
x-ms-lease-status: unlocked
last-modified: Thu, 21 Apr 2022 13:24:27 GMT
server: cloudflare
etag: 0x8DA239A4299E95E
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ab99ae38-701e-0119-678a-55b2db000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f29b839202-FRA
expires: Fri, 20 Jan 2023 19:35:46 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
313 B 199ms
43ms XHR
application/json 2606:4700::6812:1b55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1b55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.rapid7.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 78c203f3a9cd9b61-FRA
access-control-allow-headers: Content-Type

GET
H2 200 forms2.min.js Show response
app-sj20.marketo.com/js/forms2/js/ Frame 3C85 208 KB
69 KB 20ms
19ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj20.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-sj20.marketo.com
URL: https://app-sj20.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app-sj20.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
cf-cache-status: HIT
age: 3346
etag: "ee037b-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78c203f3b9782c51-FRA
expires: Thu, 19 Jan 2023 23:35:46 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.31.0/ 334 KB
79 KB 21ms
21ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe4946db1f133c18e59bde7de4f6e87a50d288f85ec8440451b998e0f3f17e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: D263R6OySncrpIc5uRH3nQ==
age: 59407
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 80955
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:24 GMT
server: cloudflare
etag: 0x8DA032EC5D12B02
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fe1236c6-901e-00db-2e1c-357c30000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f3fc29bbce-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/1b23d21a-86ff-483a-b234-d5d6ecbb43e7/fac92f41-3650-4dd1-b25b-1254d1006ab2/ 49 KB
11 KB 18ms
18ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1b23d21a-86ff-483a-b234-d5d6ecbb43e7/fac92f41-3650-4dd1-b25b-1254d1006ab2/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0553aaa47905d2049d1f512a9b52807b90407be92afbed3e7f47daf3ea96e039

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: rvcFLyfQWY49oXtUlgTAMA==
age: 41611
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11065
x-ms-lease-status: unlocked
last-modified: Thu, 21 Apr 2022 13:24:28 GMT
server: cloudflare
etag: 0x8DA239A43622547
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d4139c0a-801e-012e-158a-551e74000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f44e439202-FRA
expires: Fri, 20 Jan 2023 19:35:46 GMT

GET
H2 200 tags Show response
www.rapid7.com/api/blog/ 18 KB
18 KB 369ms
369ms XHR
application/json 13.32.27.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rapid7.com/api/blog/tags

Requested by

Host: www.rapid7.com
URL: https://www.rapid7.com/includes/js/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-31.fra56.r.cloudfront.net

Software

Resource Hash

45a5422015e1cbc6dff6382bad0e9180c86c5e9302e3ea91212db83332ed67b3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.rapid7.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_source=marketo&utm_medium=email&utm_campaign=etr_cve-2022-47966&mkt_tok=NDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: frame-ancestors 'self' https://*.rapid7.com
date: Thu, 19 Jan 2023 19:35:40 GMT
x-content-type-options: nosniff
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
cache-control: no-cache
x-amz-cf-id: -AdTQ_UuTJS5hkLwKTN8FnUx2wxK_Biw7RY3t9naSVWMw0PaV1zfPQ==
x-xss-protection: 1; mode=block
expires: -1

POST
H2 204 collect
region1.google-analytics.com/g/ 0
339 B 54ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XVK5E64NXZ&gtm=2oe1i0&_p=1547500553&gcs=G100&cid=673655627.1674156947&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674156946&sct=1&seg=0&dl=https%3A%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F%3Futm_source%3Dmarketo%26utm_medium%3Demail%26utm_campaign%3Detr_cve-2022-47966%26mkt_tok%3DNDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM&dr=https%3A%2F%2Finfo.rapid7.com%2F&dt=CVE-2022-47966%3A%20Rapid7%20Observed%20Exploitation%20of%20Critical%20ManageEngine%20Vulnerability%20%7C%20Rapid7%20Blog&en=page_view&_fv=1&_ss=1&ep.hit_timestamp=2023-01-19T19%3A35%3A46.181%2B00%3A00&ep.gtm_version_info=GTM-WBTPTVC_321&ep.custom_pagepath=www.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F&ep.content_group=%2Fblog%2Fpost%2F%20-%20emergent%20threat%20response&up.auth_flag=false&up.customer_flag=false&up.trial_user_flag=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XVK5E64NXZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Jan 2023 19:35:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.rapid7.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 9 KB
3 KB 19ms
19ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea07c75cc70340374feb3872db77d7d5b74e6e8b62fd538f36209b1815ecd3d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: H5sekmzucUF8sFtSeINTKg==
age: 34369
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2584
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:14 GMT
server: cloudflare
etag: 0x8DA032EBF6EA85E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a2568523-b01e-012d-25a6-4e1d73000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f49ea99202-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/v2/ 47 KB
11 KB 20ms
19ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

146697e686c91fde6e30955bc6cba7bfe752c511b2f27545a6938266e49cdfcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ZpEAbh0BppVJFPu0Tn1v0w==
age: 83039
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11558
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:15 GMT
server: cloudflare
etag: 0x8DA032EC085471F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: bf71dd58-901e-015c-47a7-4e6f4a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f49eaa9202-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 5 KB
2 KB 21ms
20ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e413fe14135b1fe89832925dad54fd79bef183a189868be478726d11f3942d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: bZ6sFc9Mh4SBvE3dHyo0/Q==
age: 12501
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1780
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:15 GMT
server: cloudflare
etag: 0x8DA032EC020A07E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8e397a97-101e-0102-76a7-4e9c49000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78c203f49eab9202-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 21 KB
4 KB 28ms
27ms Fetch
text/css 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42da203fcc4325bd58c8c868e9213def8ca9b8d58e79d68e86c0fd8a5744e72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 19 Jan 2023 19:35:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 2HSefDmVwJneRQMu6SXIPw==
age: 34949
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:31 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 19338d77-001e-0134-37a7-4e311b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 78c203f49eac9202-FRA

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 48ms
47ms Image
image/gif 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&aip=1&a=1547500553&t=pageview&_s=1&dl=https%3A%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F%3Futm_source%3Dmarketo%26utm_medium%3Demail%26utm_campaign%3Detr_cve-2022-47966%26mkt_tok%3DNDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM&dr=https%3A%2F%2Finfo.rapid7.com%2F&ul=en-us&de=UTF-8&dt=CVE-2022-47966%3A%20Rapid7%20Observed%20Exploitation%20of%20Critical%20ManageEngine%20Vulnerability%20%7C%20Rapid7%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEAAAAABEAAAAAAEKk~&cid=673655627.1674156947&tid=UA-4622520-13&_gid=1891247417.1674156947&gtm=2wg1i0WBTPTVC&cd10=GTM-WBTPTVC_321&cd12=1674156946183.s1yxp8&cd13=2023-01-19T19%3A35%3A46.183%2B00%3A00&gcs=G100&cd11=673655627.1674156947&z=1877371636

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Jan 2023 18:35:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3598
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
92 B 48ms
48ms Image
image/gif 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&aip=1&a=1547500553&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F%3Futm_source%3Dmarketo%26utm_medium%3Demail%26utm_campaign%3Detr_cve-2022-47966%26mkt_tok%3DNDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM&dr=https%3A%2F%2Finfo.rapid7.com%2F&ul=en-us&de=UTF-8&dt=CVE-2022-47966%3A%20Rapid7%20Observed%20Exploitation%20of%20Critical%20ManageEngine%20Vulnerability%20%7C%20Rapid7%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Audience&ea=Prospect&el=No%20Account&_u=aEgAAAABEAAAAAAEKk~&cid=673655627.1674156947&tid=UA-4622520-13&_gid=1446816716.1674156947&gtm=2wg1i0WBTPTVC&cd10=GTM-WBTPTVC_321&cd12=1674156946185.dl9vg4g&cd13=2023-01-19T19%3A35%3A46.186%2B00%3A00&gcs=G100&cd11=673655627.1674156947&z=130830412

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.rapid7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 Jan 2023 18:35:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3598
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
359 B 442ms
112ms XHR
text/plain 54.157.78.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/public/13222550/21485331595/281_a83d0b9d581dbee887069019dd457f2a7ffb21dd1f86fd4d570394fb3f0de774_tracking.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.157.78.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-157-78-203.compute-1.amazonaws.com
Software: nginx/1.21.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rapid7.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 19 Jan 2023 19:35:47 GMT
Server: nginx/1.21.0
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.rapid7.com
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: d50ddf31-8aa4-48dd-94fd-c7021d4ba146

Verdicts & Comments Add Verdict or Comment

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability	1970-01-20 09:45:48	Name: rapid_blog_15112021 Value: 1
.info.rapid7.com/	1970-01-20 09:02:38	Name: __cf_bm Value: i7TqMGtxD1bAMgvhtZoyAKA7cJ3B7qI_QYqdU7NrNQw-1674156944-0-AVgFEj5GINnvYfIlfh5J7vvsR6dxtRkthAeMw01H+VOHwEcHCvUhfmrQo/0yxX4MH30QypLnRInbvRM8ttU3xy4=
www.rapid7.com/	1969-12-31 23:59:59	Name: r7-session Value: edg4bukjrpldj0mesjoek1mq
.rapid7.com/	1969-12-31 23:59:59	Name: r7-lr Value: lang-detect-notify
.information.rapid7.com/	1970-01-20 09:02:38	Name: __cf_bm Value: o54gsbZ9NAd.zQTRhKeKNIwAeX7YlXrOsMvTp9VOa58-1674156945-0-AT+KFoRQfu44APphAhn53TUDMA0ZlxhrmuNh7MNuf5XQph9vaEFfraNQZ/VInWh1gVaWTHHXM4wP1kmBGChZZVw=
.app-sj20.marketo.com/	1970-01-20 09:02:38	Name: __cf_bm Value: DuweUkwkGymr3jcPnK0DmxiAI_9NzgWmxYqu8AlDLs4-1674156945-0-Ab9miOPTK+QloGMs3VK/Ci2ouyT8qe3BQEMYu2RHPwFd2zowzPIS9oD0t3aoWfc9LI8MJsMQjHk7x7kIQhxL2vI=
.rapid7.com/	1970-01-20 13:21:48	Name: optimizelyEndUserId Value: oeu1674156945520r0.8707373083892689
information.rapid7.com/	1969-12-31 23:59:59	Name: BIGipServersj20web-nginx-app_https Value: !P5BiWCv1eiz4C3TMZROflEEG2tCiklgIqFsaTCGU1x4W9eYAaf03e9x+CPdoKbhKI9lf4/xazRimXkU=
.rapid7.com/	1970-01-20 17:48:12	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jan+19+2023+19%3A35%3A46+GMT%2B0000+(GMT)&version=6.31.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2F2023%2F01%2F19%2Fetr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability%2F%3Futm_source%3Dmarketo%26utm_medium%3Demail%26utm_campaign%3Detr_cve-2022-47966%26mkt_tok%3DNDExLU5BSy05NzAAAAGJak1thqypM9Xh5Ip_LtezqYf08S91DfA3ZU1aixpOaHfd8e2jhk9cOwIUtKqeL3nZT6YtiYto4MASsPyiLJs8uCNWEiPtXHA7MjYmLVSRJQtKVHM&groups=C0001%3A1%2CC0005%3A0%2CC0004%3A0%2CC0002%3A0%2CC0003%3A0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY= Message: The Content-Security-Policy directive name 'form-action:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://info.rapid7.com/NDExLU5BSy05NzAAAAGJak1thrINMKleKBXyEqeWV1CDJJMeJ_H-M29hdKgFGzPXHaSroq1MPX55ObSgXd36cXPw7MY= Message: The Content-Security-Policy directive name 'frame-src:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-4MDDFrkf+rgv9KYeeXTWLAFyTEp+VPBkMwiCEOgfu48=';object-src 'none';form-action:'none';frame-src:'none'
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-sj20.marketo.com
blog.rapid7.com
cdn.cookielaw.org
cdn.optimizely.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
info.rapid7.com
information.rapid7.com
logx.optimizely.com
opt.rapid7.com
region1.google-analytics.com
www.google-analytics.com
www.googletagmanager.com
www.rapid7.com
104.16.92.80
104.17.70.206
104.17.72.206
13.32.121.30
13.32.27.31
2001:4860:4802:34::36
2606:4700::6810:9540
2606:4700::6811:180e
2606:4700::6811:aa24
2606:4700::6812:1b55
2a00:1450:4001:802::2003
2a00:1450:4001:827::2008
2a00:1450:400d:802::200a
2a00:1450:400d:807::200e
2a02:26f0:dc:38e::13b8
54.157.78.203
0028ae9273d2cecde304fb39566c6cf4b39fa897bbe4b7d2ea5ee944d8f0b079
0314e3d380921e9abdb4c8700519e1803ea20ccb909a9718f3da456e4522c0c9
04c1c1767e4e114200209ffb70e66b744ddbf113566215117e23cfb600070a36
0553aaa47905d2049d1f512a9b52807b90407be92afbed3e7f47daf3ea96e039
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
146697e686c91fde6e30955bc6cba7bfe752c511b2f27545a6938266e49cdfcd
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1e4a99ae8469afab431f2452d73429d3fd173fa45d74e02e5ee48c2aafc032f9
225d9fb81546e49253d0aa3f96b49051bf626c5bcd3ef06ffe9b025822343e2b
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
26896559e0cc85fb441792c86279304693546375f1144040e46cd910362b8e43
294c17e49ff26854bf356a06846376df6bb10f56f5f88dc0ef1502a07bac276d
2dd8e940e47cb067ab22aadfe8ccc4f744ddd724bfac7f058915413ae8974909
3a50103004f1b8789103e6f8ba96dd51f2c071a2b7a71dcc1f33f9c8de33382f
3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c
42654a13059f95ad356ca471088bae32122ac69cc9b99b1323a1425ba93866c5
42da203fcc4325bd58c8c868e9213def8ca9b8d58e79d68e86c0fd8a5744e72d
44fc485dc1ebae37e5b965b0295dd07e645a2a4065a68b1c2416d0911ac92007
456e7aee27d3381e0dcbf3e3cf9bbe5dfb5f32256bb9e809a3a4ec1e65233971
45a5422015e1cbc6dff6382bad0e9180c86c5e9302e3ea91212db83332ed67b3
4b20b79d8999b2516d971378ec1b7a3bb36108838a22d3c6f2e1d9a47dbe7f08
4b64da5850f448c54ac8e031f5addfadc209e259ce5a2d712401f7e4a7bdc30f
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5be5057e6371687abdb32f98bd3ad885f4cd902f96d3e06ce535fc89e4bf93cb
652667975f4e5bc9b68363e77211b87c5739566baed70c21fe835d7969995478
6803a69d6333e662f1b5d0eb846474f7b5e2da0f55cba3f49a771454df4e169d
700665df57e01f89193195cb47ccacbb5a9407a98b547896226343049affaa93
7af13bd0026dd2db67724d97879d3451237119fb4b9e7dbfa7de50bfe4c2a312
7d7f64f89927a0c843f4ae2f589c776643aa23ead9ce829bb39c8f3a40d4955d
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
7e4db0925a0f8500f77e268985894d2a77a600786d4c6eb0b8cd84781cb05743
81a424f3375227e729792a91aa78f4832542c5e1aaba1d07a667e8562f38cdb3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86f70df17d2db50839e6ffd22a3a1cbe152db714041146f8129edf72f7f78103
8c44af787f51e875d3ecc44f5bb1989fce5aeeaa1a48cc0851aec4344b5e6d73
8da72dacca3725d500bc789e5f506c76367804eecc46c4249ce0ff822d7a147e
8f0a8aeb7295594ad2a432cb24687f3bc9eef6837443f73a5aa7aeea7417e268
9904ff6810e17c1ffc108bf92dbee7f8a6318d0c8c58c1d70555d0a3945fb9da
9e413fe14135b1fe89832925dad54fd79bef183a189868be478726d11f3942d1
a1e5e79263b670b9f325e1b03db57992cc05c556289f2ea31b9393f265364263
a7118b1c3df79ef6d6c6f8eed16ae758675a9cb16fd9ac3b7270d04c810045d3
a83d0b9d581dbee887069019dd457f2a7ffb21dd1f86fd4d570394fb3f0de774
a8aa8c94d42d57cd377de305aed2169249f6f6bd2fd31b5f1d2671cc1502a1d1
ac2a270e60c15fdaaf9957f52bab00aaefd32ac7782a62b141c66c2ce3f6369c
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b3ba97f3a045ed917586356f411193b4548d91593729bcd31dccac1aa71f2b24
bf9940f385a564a9a4e67db71d622653fc438a66fe4d66bcaff47a6d52933777
c65ffa9b8e350747e5dec76cbf16729482008fa1b57be07c53d3c509bebcfadd
c89a8bee77d21587af1a9e0dcd26a779b62436084eaf136c354ff1bf39f2c280
cb30e0c12d8ad8be9c0c517226ba4ffa88802ce495dada60b6f7494075a8a133
cd717dd9d5a5d73739cd5d6e54b0d7ee44dfb25883185a093e2cb0125932cd82
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c4e44c5f2f262e905437e5763c228415cfbb0ee6e26f52c00099d7a3ef5a32
ea07c75cc70340374feb3872db77d7d5b74e6e8b62fd538f36209b1815ecd3d6
f31f95b6ce0501b9a05b665feb675c0467d33d0852488f153d5de47efcd83d6f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8b2f8bd2335fc60b88dbb49f790bd03b324252b7d9b2bf37465c452b56576b3
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fe4946db1f133c18e59bde7de4f6e87a50d288f85ec8440451b998e0f3f17e66

www.rapid7.com Open in urlscan Pro 13.32.27.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

66 Requests

100 %HTTPS

63 %IPv6

10 Domains

16 Subdomains

17 IPs

5 Countries

1301 kBTransfer

3826 kBSize

9 Cookies

20 Outgoing links

Page URL History

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.rapid7.com Open in urlscan Pro
13.32.27.31 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

100 %
HTTPS

63 %
IPv6

10
Domains

16
Subdomains

17
IPs

5
Countries

1301 kB
Transfer

3826 kB
Size

9
Cookies

66 HTTP transactions
1 data transactions