cymulate.com Open in urlscan Pro
2606:4700:10::ac43:ddf  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

• https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad HTTP 302
• https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad HTTP 302
• https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75

Request Chain 81

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/	301 KB 53 KB	487ms 450ms	Document text/html	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 57294d13fa4aef7d107077478682297f6c2812cd13db25a11b6493b4bded78e9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers cache-control max-age=600, must-revalidate cf-cache-status DYNAMIC cf-ray 8b3a20cc0b6271b8-FRA content-encoding br content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Thu, 15 Aug 2024 15:13:21 GMT link <https://cymulate.com/wp-json/>; rel="https://api.w.org/" <https://cymulate.com/wp-json/wp/v2/blog/22918>; rel="alternate"; title="JSON"; type="application/json" <https://cymulate.com/?p=22918>; rel=shortlink permissions-policy autoplay=(self), geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=() referrer-policy no-referrer-when-downgrade origin server cloudflare strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding x-cache HIT: 5 x-cache-group normal x-cacheable SHORT x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js Show response cymulate.com/wp-content/cache/min/1/js/	578 B 698 B	46ms 45ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/js/mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3e92096bd29fcb17b27edf69b590575685720d412144871ec907576a027561e9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 10733 etag W/"66ba2076-242" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20ceef3371b8-FRA expires Wed, 21 Aug 2024 12:21:13 GMT
GET H2	200	starter-scripts.js Show response cymulate.com/wp-content/themes/cymulate-2022/build/js/	848 B 1 KB	32ms 31ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/js/starter-scripts.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Fri, 09 Aug 2024 16:37:46 GMT server cloudflare age 95552 cf-polished origSize=1554 etag W/"66b645da-612" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20cedf1a71b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	Poppins-Regular.ttf cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/	154 KB 155 KB	44ms 43ms	Font application/octet-stream	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Regular.ttf Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:39:32 GMT server cloudflare age 10733 etag "66b64644-269f0" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 8b3a20ceef2b71b8-FRA content-length 158192
GET H2	200	init-gtm.js Show response cymulate.com/wp-content/themes/cymulate-2022/build/js/	994 B 1 KB	45ms 44ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7a80fb50f58320df02bb209faa75baed165759153874be28cdc35e87cfd470fc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 13:38:13 GMT server cloudflare age 10733 cf-polished origSize=1187 etag W/"66ba1045-4a3" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20ceef2f71b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	OtAutoBlock.js Show response cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/	16 KB 4 KB	93ms 64ms	Script application/x-javascript	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/OtAutoBlock.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 07f134f5be6766081057b1d18f253f6da67f1efcd2bbbe601273ead941489544 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:21 GMT content-encoding gzip cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 19038 content-md5 Nt/Zdl5+UEbwO0LgtrY2/w== content-length 3994 x-ms-lease-status unlocked last-modified Mon, 12 Aug 2024 09:30:16 GMT server cloudflare etag 0x8DCBAB1606DD4A0 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 283d8289-d01e-0052-3f9a-ec5754000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20cf09bf3626-FRA
GET H2	200	otSDKStub.js Show response cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/	20 KB 7 KB	97ms 68ms	Script application/x-javascript	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ea14b302d2386504b249b182fac6bdeff4b77b71921945c4cf70e73550ab503d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:21 GMT content-encoding gzip cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 19038 content-md5 pbJJi2bi48pCi90v1avuPA== content-length 6924 x-ms-lease-status unlocked last-modified Mon, 12 Aug 2024 09:30:16 GMT server cloudflare etag 0x8DCBAB1606EBE01 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 81e57a90-201e-0034-799a-ec1874000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20cf09bd3626-FRA
GET H2	200	Poppins-Light.ttf cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/	156 KB 156 KB	205ms 204ms	Font application/octet-stream	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Light.ttf Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b0499eb6bef276af5e98726f6476ad2a09fa0a792e430be776811890b0a9e4b1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:39:28 GMT server cloudflare etag "66b64640-27068" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 8b3a20ceef3271b8-FRA content-length 159848
GET H2	200	Poppins-Medium.ttf cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/	153 KB 153 KB	42ms 41ms	Font application/octet-stream	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Medium.ttf Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e554db189b5d944ef0e6f98ee0e4e8c75f69e95315dc9f4ae0c616a8756a2ba4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:39:29 GMT server cloudflare age 95552 etag "66b64641-26340" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 8b3a20ceef3571b8-FRA content-length 156480
GET H2	200	Poppins-SemiBold.ttf cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/	152 KB 152 KB	54ms 54ms	Font application/octet-stream	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-SemiBold.ttf Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:39:36 GMT server cloudflare age 10733 etag "66b64648-25e38" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 8b3a20ceef3771b8-FRA content-length 155192
GET H2	200	Poppins-Bold.ttf cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/	150 KB 151 KB	34ms 34ms	Font application/octet-stream	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Bold.ttf Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c24de5695a67f26e8e1a2770f7a62f82d1aae59a68c498412bf7986beeb7d84b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:39:33 GMT server cloudflare age 10733 etag "66b64645-2592c" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 8b3a20ceef3871b8-FRA content-length 153900
GET H2	200	gtm.js Show response www.googletagmanager.com/	336 KB 111 KB	58ms 35ms	Script application/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 7a3e40f5aae1d91a54d5485ad9d6d0647261d98a9e7b3bdcc3ac4470de6ffba7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 113426 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Aug 2024 15:13:21 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	183 KB 66 KB	50ms 27ms	Script application/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-N8MJTXDC Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c99760d7ed551cd0175afcc97ecb090823e535b0d91f19443993e15c9feb5116 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 67526 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Aug 2024 15:13:21 GMT
GET H2	200	research-team.png.webp cymulate.com/uploaded-files/2022/03/	17 KB 17 KB	162ms 161ms	Image image/webp	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cymulate.com/uploaded-files/2022/03/research-team.png.webp Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2223ff06c80eafecd7007744ffd5e885c876bbb3b7a1fdd6f6072fd8c85f4e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Mon, 12 Jun 2023 09:10:40 GMT server cloudflare etag "6486e110-42c8" vary Accept-Encoding content-type image/webp cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20cf6fe871b8-FRA content-length 17096 expires Tue, 12 Nov 2024 19:15:34 GMT
GET H2	200	jquery.min.js Show response cymulate.com/wp-includes/js/jquery/	86 KB 31 KB	28ms 25ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Mon, 28 Aug 2023 17:14:23 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 95547 etag W/"64ecd5ef-15601" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0088071b8-FRA expires Wed, 21 Aug 2024 12:21:15 GMT
GET H2	200	jquery-migrate.min.js Show response cymulate.com/wp-includes/js/jquery/	13 KB 5 KB	32ms 30ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Fri, 09 Jun 2023 05:49:24 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 10733 etag W/"6482bd64-3509" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0188671b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	form-awesome-public.js Show response cymulate.com/wp-content/cache/min/1/wp-content/plugins/form-awesome-plugin/public/js/	419 B 493 B	29ms 27ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/plugins/form-awesome-plugin/public/js/form-awesome-public.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0425a8f82b801c86dc4a6718f77b6675fbde4032abfe3601e846f53f6419df8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 10733 etag W/"66ba2076-1a3" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0188771b8-FRA expires Wed, 21 Aug 2024 12:21:13 GMT
GET H3	200	v2.js Show response js.hsforms.net/forms/	483 KB 156 KB	43ms 27ms	Script application/javascript	2606:4700::6812:8d77 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:8d77 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-encoding gzip age 305 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5781/bundles/project-v2.js&cfRay=8b3a195ae99218c3-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"07033d485ccfcdda144e7a4173dbc0bc" vary accept-encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.5781/bundles/project-v2.js date Thu, 15 Aug 2024 15:13:21 GMT via 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-version-id __TkXxzKt.v8sm6CVT1EUR2QdTtEmM_4 cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 87a221dc-a256-43e1-aa33-61c90381b20f x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 87a221dc-a256-43e1-aa33-61c90381b20f last-modified Wed, 07 Aug 2024 13:25:19 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NdrzHVz2U5qwLxw9F1QOyZ96L%2Fz4rBdWkTsmNTf%2Fee09MS1q6wzbrbsTwvw9VueNaeOJNtvWrOy5E1Y9XlzRnArlOFEXtVN%2B7dQh9aEQDAyG8iuuZVP3UYviZP3mADD52fgEOgMlKjs1339e"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-5f4dcb8bc8-fj2sp cf-ray 8b3a20cf8dd737f1-FRA x-amz-cf-id _vrbhsFLSga4hwKpeqpCvc-Gz-upeZhwqa257wwfJbKx435p_Qfu9Q==
GET H2	200	Logo.png.webp cymulate.com/uploaded-files/2024/07/	2 KB 2 KB	34ms 32ms	Image image/webp	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cymulate.com/uploaded-files/2024/07/Logo.png.webp Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22f7af7c1f0fda7b15222161020de20537ce540f08ba19284bb2e27def8e2f86 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Sun, 14 Jul 2024 06:45:36 GMT server cloudflare age 10733 etag "66937410-6fa" vary Accept-Encoding content-type image/webp cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20d0188a71b8-FRA content-length 1786 expires Tue, 12 Nov 2024 12:21:12 GMT
GET H2	200	email-decode.min.js Show response cymulate.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/	1 KB 801 B	10ms 10ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Fri, 09 Aug 2024 15:30:02 GMT server cloudflare content-encoding gzip etag W/"66b635fa-4d7" vary Accept-Encoding x-frame-options DENY content-type application/javascript cache-control max-age=172800, public cf-ray 8b3a20cf7ff871b8-FRA expires Sat, 17 Aug 2024 15:13:21 GMT
GET H2	200	jquery.visible.min.js Show response cymulate.com/wp-content/themes/cymulate-2022/assets/	885 B 640 B	31ms 29ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.visible.min.js?ver=21.7.27.04 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7a303026a1e158c61d96ba96010352c24957181ee22828ce2b54cdd60c813529 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:34:12 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 95547 etag W/"66b64504-375" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0188c71b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	jquery.fancybox.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/	88 KB 88 KB	38ms 36ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/jquery.fancybox.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bc61255a9862df6aabf82c0fdc17ad5eed0e763ed6b92b95cfb1e8d679ea4e8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 cf-polished origSize=89762 etag W/"66ba2076-15ea2" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0188d71b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	slick.min.js Show response cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/	42 KB 11 KB	39ms 37ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/slick.min.js?ver=21.7.27.04 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ceffda0001c0a6edf0cae48244e72c46d66bb5a75618d4ed5c03d0d24cd106eb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:40:52 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 10733 etag W/"66b64694-a779" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0188f71b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	longbow.slidercaptcha.min.js Show response cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/	7 KB 3 KB	35ms 33ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/longbow.slidercaptcha.min.js?ver=21.7.27.04 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e051bcd1aa1760cd154bda6aeb6dc3b4c34633cfdbfa5418ae2243cdecb87599 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Fri, 09 Aug 2024 16:38:12 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 10733 etag W/"66b645f4-1ae9" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189171b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	jquery.validate.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/	31 KB 31 KB	30ms 28ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/jquery.validate.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 94561d4d205db4224fdb2c247542009d40537aaf869dc8fda63912916f4e6543 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 cf-polished origSize=31688 etag W/"66ba2076-7bc8" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189271b8-FRA expires Wed, 21 Aug 2024 12:21:15 GMT
GET H2	200	starter-scripts.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	832 B 918 B	35ms 33ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/starter-scripts.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7ceb950911d2b12a1cd67b2221b6dd703bb9743e8d960f7eb751c763bb1103a4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 etag W/"66ba2076-340" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189371b8-FRA expires Wed, 21 Aug 2024 12:21:15 GMT
GET H2	200	general-scripts.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	24 KB 25 KB	45ms 44ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/general-scripts.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 984b17f585481fdbb2424e13bbb78e346023740f08f06958a428fbba1dbc0ac5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 10733 cf-polished origSize=25021 etag W/"66ba2076-61bd" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189471b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	scripts.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	648 B 746 B	36ms 34ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/scripts.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 060d75de17d3e951c3ddbbd52f016c035789b8151676b1e2b3963f9c85623397 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 etag W/"66ba2076-288" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189771b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	main-scripts.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	20 KB 21 KB	42ms 41ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/main-scripts.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 41b4a5838294c17b4b8e8c380c13f4aa105e8ee20bfb78527afc8fda14216c49 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 10733 etag W/"66ba2076-51c9" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189971b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	cookie-scripts.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	2 KB 2 KB	44ms 43ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/cookie-scripts.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2dea6803bb490d3ced7f64b025151e27e9cb6fb79e72b6b7df5fe2ce93477dae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 10733 etag W/"66ba2076-74e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189c71b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	ajax.js Show response cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/	1 KB 2 KB	48ms 47ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/ajax.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 10dd819ad5850f580e622143a919a6f338b73f815e912a2062692c25f7c1f10b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 etag W/"66ba2076-5bd" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d0189e71b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	widget.js Show response cymulate.com/wp-content/cache/min/1/reviews/public/Widget/js/	9 KB 9 KB	46ms 45ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/reviews/public/Widget/js/widget.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a5d56faa79ac6b2f06f6f63e4c93f3537aec12d5b23e9afa18ca8c7716641132 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 etag W/"66ba2076-2447" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d018a071b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	front.js Show response cymulate.com/wp-content/cache/min/1/wp-content/plugins/code-block-pro/build/front/	6 KB 6 KB	43ms 42ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/wp-content/plugins/code-block-pro/build/front/front.js?ver=1723704115 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a82bb710867f55be7db0b626115e5b2077e637aa61d636057fedfeb52def9056 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Thu, 15 Aug 2024 06:41:55 GMT server cloudflare age 10733 etag W/"66bda333-180f" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d018a271b8-FRA expires Thu, 22 Aug 2024 06:43:37 GMT
GET H2	200	lazyload.min.js Show response cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/	9 KB 3 KB	38ms 37ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding br cf-cache-status HIT last-modified Sun, 14 Jul 2024 06:41:29 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains age 10733 etag W/"66937319-22bc" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d018a371b8-FRA expires Wed, 21 Aug 2024 12:21:14 GMT
GET H2	200	4347852.js Show response cymulate.com/wp-content/cache/min/1/	2 KB 2 KB	41ms 40ms	Script application/javascript	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cd1fd2875192579d70e969183c30fa0c470be73a0fbf01f356599c097878b27d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT cf-bgj minify last-modified Mon, 12 Aug 2024 14:47:18 GMT server cloudflare age 95547 etag W/"66ba2076-956" vary Accept-Encoding, Accept-Encoding, Accept-Encoding content-type application/javascript cache-control public, max-age=604800, no-transform cf-ray 8b3a20d018a671b8-FRA expires Wed, 21 Aug 2024 12:21:12 GMT
GET H2	200	a25e10f7-7a3d-4179-8c72-630ea8882180.json Show response cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/	5 KB 2 KB	77ms 60ms	XHR application/x-javascript	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/a25e10f7-7a3d-4179-8c72-630ea8882180.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 892bd60ea96f88ef10e5fc372d6d34fe4f9de4460660e0596b8358e91875873f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:21 GMT content-encoding gzip cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 19038 content-md5 tMXB6RKYXEe5YWrLu9nTNA== content-length 1793 x-ms-lease-status unlocked last-modified Mon, 12 Aug 2024 09:30:16 GMT server cloudflare etag 0x8DCBAB16046A285 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 884737f8-201e-0069-1e9a-ec12f0000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20cf995fbbb3-FRA
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 908f709b6824f7973fefc1778ab7ee4d664cbbb9c124ab75785ea03019c4c7b4 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e461fa71ab99d660c0f0310212a00c827711c2f031ab5b44d37932c8d4b63d64 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f6b9ece1299ec1617b7cdb30ce252ec01cbbe54c4e6867ce7ad8678afad6c0ae Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash af0aaeda573b7b3566b9ec8ecace3246309814d39fea16d7667f5c4ee96bcc8e Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8d4e233e8560d0403b932a14bbd2f0fcf7b1ab1c2be71842e14341cd92921c9e Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	location Show response geolocation.onetrust.com/cookieconsentpub/v1/geo/	66 B 303 B	70ms 42ms	XHR application/json	2606:4700::6812:1d7f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept application/json Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS content-type application/json access-control-allow-origin * cf-ray 8b3a20d04ea11941-FRA access-control-allow-headers Content-Type
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e9250c36f23dfaecaf750e3bc3c57c589032f5a32d5d7429b43429a2e3f53549 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e4a868e1d129025f9907e1738c10688b5aa86c7911b34ecfab4f21e70f1e1b3d Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a9fded7e9c8304198cc3799357a93505196f2427686312588df98626f21a201c Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e4032f7f315f7c69204e0f8c20889cb0e035d9e6d3d45af72e2f2e01091b3e36 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c16903de05444718bddc810c3db525b6292baf5fd3788bf0ef4f5384d52934a7 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	66 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ac2e76a6c07b4ed8bef78f303d08167cec1561a99e1c8f5f1c247294ba9b5ad Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	66 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 639cd9a9b675392f0a38786644000084d9bdb5a8c8e374321351da4e58945b8c Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	66 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 38483bf56e4a876f08814cd0643d4c7a2f5b9fb9bcd1e0152b764644ab22fa69 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	4347852.js Show response js.hs-analytics.net/analytics/1723473900000/	69 KB 25 KB	52ms 30ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1723473900000/4347852.js Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e9bb517bf2cef096550eda67cb2a9d5aed019108b177f84c4b010670b06106c6 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id 72BMWRER8EP54BT5 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 4773a539-86d0-463e-ac4a-36a15dc40ff4 age 44 x-envoy-upstream-service-time 67 x-amz-id-2 cXrrK3zc0gAUawwW7N54ulmOlhuiBATeGSH9OhkOqEN4EhCfLw/JtKeXtv/gITJgRbl3aqTnsSI= x-evy-trace-listener listener_https x-request-id 4773a539-86d0-463e-ac4a-36a15dc40ff4 x-evy-trace-route-configuration listener_https/all last-modified Wed, 14 Aug 2024 17:29:23 GMT server cloudflare etag W/"1c78ed946f27f79de39285ed2d35a026" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-k5ntq cache-control max-age=300,public access-control-allow-credentials false cf-ray 8b3a20d08f4d4d28-FRA expires Thu, 15 Aug 2024 15:17:38 GMT
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	83 KB 24 KB	156ms 134ms	Script application/javascript	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a58fb4ba57e791839c580c3ab186ee45d39e5558c62fa910a531e2225be9331 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-encoding gzip x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1347/bundles/project.js&cfRay=8b3a20d08ff39a15-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"d5eb842cb627d3498b8eea8cb51bd4ba" vary accept-encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.1347/bundles/project.js date Thu, 15 Aug 2024 15:13:22 GMT via 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-version-id qlSsOogDzDfjHYWqoRnPM3MeITU5eHaq cf-cache-status EXPIRED nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id e3719e6c-09a1-4ad8-92a8-493df63316b4 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-request-id e3719e6c-09a1-4ad8-92a8-493df63316b4 last-modified Tue, 13 Aug 2024 14:43:57 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99v6d9jkcx7JKBcexaPdMAD2WOG9s%2BjnEQ42uAQqtBn7i6RxkrfXwkZpFky8u%2Ffa7sIEDiFtej1DzihZuDia62Y84Z%2BH%2FLDvgletScQlR6veYZ61sX8tJdLZSPglFoWKJ6mqxPQwYBuwluXP"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-5f4dcb8bc8-bhgvl cf-ray 8b3a20d08ff39a15-FRA x-amz-cf-id ir4-YHfsxeN-3dOLyC-2X9aFdrgtswHDIkZs-hdZsw8CMdbYwzxQJw==
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 4 KB	42ms 21ms	Script application/javascript	2606:4700::6811:80ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8e1b1a37caa8b7627123aeb0e23ad3a2ac14d4ad48be7aabb2ca7ca9da218ef5 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip via 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront) x-amz-version-id UIOsIr3qFS9r3wFn4ECf3yNr1.R8N2aA cf-cache-status HIT x-content-type-options nosniff x-amz-cf-pop IAD12-P3 age 501 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.572/bundles/pixels-release.js&cfRay=8b3a1495588e5d9c-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 2dca57d9-154e-40bd-9b2a-c3870e8d8121 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 7 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2dca57d9-154e-40bd-9b2a-c3870e8d8121 last-modified Tue, 06 Aug 2024 19:11:03 UTC server cloudflare etag W/"45a803cc17701ff8c7710294960c14c7" vary accept-encoding content-type application/javascript; charset=utf-8 x-hs-cache-status MISS x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-5f4dcb8bc8-tmvlw cf-ray 8b3a20d08c0b1c30-FRA x-amz-cf-id XaDx42smCAbxpBEc781_UWIK6hL_0hGlUCFBdFo3cNUvjFqadiKULA== x-hs-target-asset adsscriptloaderstatic/static-1.572/bundles/pixels-release.js
GET H2	200	4347852.js Show response js.hs-banner.com/	65 KB 19 KB	49ms 28ms	Script text/javascript	2606:4700::6812:17b7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/4347852.js Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:17b7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f790dbbcf9f8ae42200fc5ebcbe945aae0a49709ab702f01b80439cb577d7860 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT x-amz-version-id ojgBMBedjmcJmNCAyoRr1hPmxr5rDq1r content-encoding gzip cf-cache-status HIT x-amz-request-id CPJNVQNN3AJQW4Z8 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id f973b703-0681-47d3-9156-c3d84ce71ba3 age 44 x-envoy-upstream-service-time 16 x-amz-id-2 Y4TECeXz/rNPt2XuSOkwP4K3Y1hELglAI0bpD8ihvd1zLO1ZTYmQrsae1bxYppdsfpHC81bMit0= x-evy-trace-listener listener_https x-request-id f973b703-0681-47d3-9156-c3d84ce71ba3 x-evy-trace-route-configuration listener_https/all last-modified Fri, 17 May 2024 10:12:55 GMT server cloudflare etag W/"810e9cc7361c9d897628e9a486cbb8c9" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://cymulate.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 8b3a20d08b0818cb-FRA expires Thu, 15 Aug 2024 15:17:38 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/	551 KB 92 KB	52ms 34ms	Script application/javascript	2606:4700::6812:8b11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: cymulate.com URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-encoding gzip age 20079 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js&cfRay=8b1f2a37e8da4d94-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"b6c788efa3b3fd53687b2c92c85a5a5f" vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=86400, max-age=0 x-hs-target-asset lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js date Thu, 15 Aug 2024 15:13:22 GMT x-amz-version-id TIDmoMti0Vib7LJNFwT63dnpWuuDUZfu x-content-type-options nosniff cf-cache-status HIT via 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id dbe73416-6ea7-412b-b48b-b08fd88423c5 x-cache Hit from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-request-id dbe73416-6ea7-412b-b48b-b08fd88423c5 last-modified Tue, 23 Jul 2024 12:57:23 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-5f4dcb8bc8-fj2sp cf-ray 8b3a20d079ee65c9-FRA x-amz-cf-id _NCqhmI2H_nl2ZbJTVjrsxAeEeKo1W4CFpOZFBGUH6PdtPOOPFSb2w==
GET H2	200	otBannerSdk.js Show response cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/	452 KB 110 KB	29ms 28ms	Script application/javascript	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb60550070f9a5ce5d91b9cb0d34ee6777a3dcb25de950cb185d1c2b624b2590 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip cf-cache-status HIT content-md5 btqcTGGxKzfJ1KoWzOA9vQ== age 31457 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 112185 x-ms-lease-status unlocked last-modified Thu, 01 Aug 2024 01:18:16 GMT server cloudflare etag 0x8DCB1C7D285B359 vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id 1f6da534-401e-0040-64c6-e32c84000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20d09b8e3626-FRA expires Fri, 16 Aug 2024 15:13:22 GMT
GET H2	200	Code-Pro-JetBrains-Mono.woff2 cymulate.com/wp-content/plugins/code-block-pro//build/fonts/	68 KB 68 KB	26ms 26ms	Font font/woff2	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/wp-content/plugins/code-block-pro//build/fonts/Code-Pro-JetBrains-Mono.woff2 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bceff0710e3a7fe5b3622265c48b6fbc055cf071df80ef5f36ffc69550296664 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ Origin https://cymulate.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Thu, 01 Aug 2024 10:36:02 GMT server cloudflare age 5632 etag "66ab6512-10f40" vary Accept-Encoding content-type font/woff2 cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20d0d96871b8-FRA content-length 69440 expires Wed, 13 Nov 2024 06:40:58 GMT
GET H2	200	Figure_1_PTA_authentication_process.jpg cymulate.com/uploaded-files/2024/08/	79 KB 79 KB	23ms 23ms	Image image/jpeg	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cymulate.com/uploaded-files/2024/08/Figure_1_PTA_authentication_process.jpg Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86236fd9addfae28b79d07cd2abfbb3410e1708a29c71717068cf8ecd230f6d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT age 10814 cf-polished origSize=80558 content-length 80525 cf-bgj imgq:100,h2pri last-modified Tue, 13 Aug 2024 08:37:32 GMT server cloudflare etag "66bb1b4c-13aae" vary Accept-Encoding content-type image/jpeg cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20d0e98771b8-FRA expires Wed, 13 Nov 2024 06:40:50 GMT
GET H2	200	blog-single-bg-desktop.png cymulate.com/wp-content/themes/cymulate-2022/build/images/	6 KB 6 KB	28ms 28ms	Image image/webp	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cymulate.com/wp-content/themes/cymulate-2022/build/images/blog-single-bg-desktop.png Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c041cf82f0fc11784e05ff44e069061dc0eeb2d53bb286fbe9f900975fe95a6e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT age 8503 cf-polished origFmt=png, origSize=19098 content-disposition inline; filename="blog-single-bg-desktop.webp" content-length 6094 cf-bgj imgq:100,h2pri last-modified Fri, 09 Aug 2024 16:36:57 GMT server cloudflare etag "66b645a9-4a9a" vary Accept content-type image/webp cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20d0e98c71b8-FRA expires Tue, 12 Nov 2024 12:33:30 GMT
GET H2	200	Figure_1_PTA_authentication_process-1024x480.jpg.webp cymulate.com/uploaded-files/2024/08/	38 KB 39 KB	27ms 27ms	Image image/webp	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cymulate.com/uploaded-files/2024/08/Figure_1_PTA_authentication_process-1024x480.jpg.webp Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b64bd8647b659618f2c3588c8ebcc585df43797bc6e0dbc3070b2e682809f62b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT last-modified Tue, 13 Aug 2024 08:37:42 GMT server cloudflare age 8500 etag "66bb1b56-9988" vary Accept-Encoding content-type image/webp cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20d0e98971b8-FRA content-length 39304 expires Wed, 13 Nov 2024 09:33:42 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	188 B 1 KB	154ms 134ms	XHR application/json	2606:4700::6812:f46c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=4347852 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:f46c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 19d2fd49a43025a4ba1f072aeb94e9f9f5ae3e2954fb4a64972d6f4527b3003a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 451901d4-72f7-4661-8ad1-f7017234099b content-encoding br x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 451901d4-72f7-4661-8ad1-f7017234099b server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://cymulate.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-78c8468c8b-kbddh access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hG6gN8BY7sIJzjMoUhNTm%2FywfRWZazjQSVJLEbu9Hc0NPBk%2BbUFl2gCpv%2BDxxGU7HwMVQs9TfXin8w0SP1PpGvaPrI3ZdPXuwxWVl9VW1orJ20%2FkA6atkIzx0b%2FZzojpgx4Ys%2BbaEfom6%2FV"}],"group":"cf-nel","max_age":604800} cf-ray 8b3a20d11b3e9152-FRA access-control-allow-headers *
GET H2	200	js Show response www.googletagmanager.com/gtag/	319 KB 106 KB	35ms 35ms	Script application/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 9d6233deb90857bf8dd9cb36caa92c44f0f7084ab00782746e7913b382fa21b1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 108037 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Aug 2024 15:13:22 GMT
GET H2	200	destination Show response www.googletagmanager.com/gtag/	274 KB 94 KB	24ms 23ms	Script application/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-859674832&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 340c38400e5868a170944b5cf8a7a7e169c439c9fcf2f73a2468750c6a26e1d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 96143 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Aug 2024 15:13:22 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	65ms 16ms	Script application/javascript	2a02:26f0:3500:10::210:a99 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 24 Jul 2024 05:33:09 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=33350 accept-ranges bytes content-length 14597
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	46ms 9ms	Script application/javascript	151.101.8.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.8.157 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip last-modified Fri, 22 Mar 2024 21:07:24 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kiad7000168-IAD, cache-fra-eddf8230050-FRA
GET H3	200	qevents.js Show response a.quora.com/	41 KB 15 KB	64ms 31ms	Script text/plain	162.159.153.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a.quora.com/qevents.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H3 Security QUIC, , AES_128_GCM Server 162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT x-amz-version-id jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO content-encoding br cf-cache-status HIT x-amz-request-id M04HPBTPY5GDBBF5 age 12087577 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ= last-modified Thu, 28 Mar 2024 17:33:19 GMT server cloudflare x-amz-meta-s3cmd-attrs md5:87b5ecaafd0e88097cbbb1bbb7695fe9 etag W/"87b5ecaafd0e88097cbbb1bbb7695fe9" vary Accept-Encoding content-type text/plain cache-control public, max-age=14400 cf-ray 8b3a20d14b6f9bf5-FRA expires Thu, 15 Aug 2024 19:13:22 GMT
GET H/1.1	200 OK	obtp.js Show response amplify.outbrain.com/cp/	28 KB 9 KB	91ms 36ms	Script application/x-javascript	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/cp/obtp.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Thu, 15 Aug 2024 15:13:22 GMT Content-Encoding gzip Last-Modified Mon, 22 Jul 2024 07:46:01 GMT Server AkamaiNetStorage ETag "484f007d650a3fc9fe7590700b8bf590:1721634587.188058" Vary Accept-Encoding Content-Type application/x-javascript X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Accept-Ranges bytes Content-Length 8617 Expires Thu, 15 Aug 2024 15:33:22 GMT
GET H2	200	oktrk.js Show response static.oktopost.com/	9 KB 4 KB	77ms 15ms	Script application/javascript	52.85.65.125 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.oktopost.com/oktrk.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.85.65.125 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-85-65-125.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 06:39:57 GMT content-encoding gzip via 1.1 6b15d1c60d9f387a4132de8eb9595b1e.cloudfront.net (CloudFront) last-modified Mon, 27 Jan 2020 09:47:41 GMT server AmazonS3 x-amz-cf-pop MUC50-P6 age 30806 etag W/"57315c24d6fec75c4d46a8cc3fa6e0d5" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id 8NSxflsh_FcDWKopO8WHLYi9pWvXEKDYMY6JwDL3d1Ry8YfPg8xcvQ==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	225 KB 60 KB	23ms 8ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 63 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58865 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1328, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1 pragma public x-fb-debug ORL5h6StXp7lCiAX7lINYlT3qil59F678Lii0JXEL5yiupXtZLKgZzCio9yS4YisFrv70xC6UXuxalMBZ7ksZQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	274 KB 94 KB	30ms 28ms	Script application/javascript	2a00:1450:4001:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-859674832 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash c75f371cc2e9a10b24fe0f56d192a9bb84e36354506f478a26d92d730b3dda66 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 96028 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Aug 2024 15:13:22 GMT
GET H2	200	/ Show response a.clickcertain.com/px/ Redirect Chain https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75	5 KB 2 KB	48ms 48ms	Script text/javascript	2606:4700:20::681a:932 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Server 2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 64092de47640d7ebb501b0dceb1aaa02fedca06e65c668882e86a081eb86eeb9 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding br x-frontend cc-nginx-8674cc857-h4wwj:cc-nginx-8674cc857-h4wwj cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-requestid 0a95fc41-11ef-4641-8016-a446c0bb4f20 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uCxifp5vYYMdVznaeI1GeaxLS8Urmm8sByL74VKTNszt2XnO2%2F1h%2F4NMkIJVR5YIASSBOd5nFe2KDqwQVgL2acrvVumj1rvpThTU4aZM6isbKe%2BV%2BGXVIAxhxkd55Tx0qGpFxbKfY3Slfo5ShEz%2FyQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cf-ray 8b3a20d2de27a034-FRA Redirect headers date Thu, 15 Aug 2024 15:13:22 GMT x-frontend cc-nginx-8674cc857-fcgv5:cc-nginx-8674cc857-fcgv5 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-requestid 764a558d-63bb-473c-a743-13cea6fb6e75 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76%2BVJvl4F8xRWRn115LFf4lB0muiyKzzqwwCHBaxoiRmTLsk4awFm8UFspFfcDrjBYtscdJmC6swnHMjGqaY2c3wU%2BhuH48r28bjUzP0ePVjwtYGExi7kcaI8w2AYzlUSWJa5U69e0fp1ytoUndQTw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript location https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75 cf-ray 8b3a20d23d3ba034-FRA
GET H2	200	lp.js Show response metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/	6 KB 2 KB	55ms 22ms	Script application/x-javascript	2606:4700::6812:cc0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:cc0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=15552000; includeSubDomains; preload content-encoding gzip cf-cache-status HIT x-amz-request-id tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a age 84453 x-envoy-upstream-healthchecked-cluster last-modified Thu, 22 Sep 2022 17:10:43 GMT server cloudflare etag W/"9a8767fa98da937fb02cdbbc52a101bb" vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding content-type application/x-javascript x-do-cdn-uuid 80b6018b-293e-4962-9bc8-48075e637d03 x-rgw-object-type Normal cache-control max-age=604800 cf-ray 8b3a20d14cd5048f-FRA
GET H/1.1	200 OK	pixel q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/	43 B 422 B	405ms 100ms	Image image/gif	52.72.154.65 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.72.154.65 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-72-154-65.compute-1.amazonaws.com Software nginx / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Thu, 15 Aug 2024 15:13:22 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload Server nginx Connection keep-alive Content-Length 43 X-Q-Stat ,39cde6d10cdb625868d16f30dc5b147f,10.0.0.149,3208,45.141.152.72,,401776295845,1,1723734802.444,0.002,,.,0,0,0.000,0.004,-,0,0,203,277,138,10,26847,,,,,,-, Content-Type image/gif
GET H2	200	en.json Show response cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/01912cd2-c94b-701b-a076-85ba62638933/	91 KB 19 KB	40ms 40ms	Fetch application/x-javascript	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/01912cd2-c94b-701b-a076-85ba62638933/en.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7cfc1c4a8a1538804c897ce2127c9f876929b9521bd1b01b9616d100c166ab76 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 60710 content-md5 EzeJ+xrDYld8Fspa+5oO1w== content-length 18817 x-ms-lease-status unlocked last-modified Mon, 12 Aug 2024 09:30:21 GMT server cloudflare etag 0x8DCBAB1634B7592 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id d7e92660-801e-0002-0b9a-ec9504000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20d12bf1bbb3-FRA
GET H2	200	adsct t.co/i/	43 B 377 B	258ms 210ms	Image image/gif	93.184.221.165 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=8b25a7d6-8cc7-45c9-abe4-a47f3881998c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79cfa7cf-7e7b-4b97-94d0-9cd68b760e7e&tw_document_href=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-response-time 175 date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 049455ceab2ddadd cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 52b95ce36bcb24ca728fb674adcd2ebe75c277ca847207a8d7ea1fb4a473c678 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 396 B	247ms 198ms	Image image/gif	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8b25a7d6-8cc7-45c9-abe4-a47f3881998c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79cfa7cf-7e7b-4b97-94d0-9cd68b760e7e&tw_document_href=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-response-time 176 date Thu, 15 Aug 2024 15:13:21 GMT strict-transport-security max-age=631138519 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 7b99b809197b9b2a cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 19a7f49f29f6d8728f6286b92f92702e5b9d5a47026d298793713840efb6edbd content-length 43
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	95 B 1 KB	130ms 129ms	Fetch application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=4347852&currentUrl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F Requested by Host: js.hubspot.com URL: https://js.hubspot.com/web-interactives-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c9185884-1c8e-414d-9d70-59b5e4cedcdf content-encoding br x-envoy-upstream-service-time 8 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c9185884-1c8e-414d-9d70-59b5e4cedcdf server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://cymulate.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0CLqfQHzLOh8MK2ajXeTq3JcZFFwh41HShADQOJGE6iN7IxDXw8zQgiep3ZpLVZyUsOwwf8hlFAYr9OHJy2VgeeQPJ8I9XXifdvftre3ohpb%2B3lHUV%2FbWX2X5fs3ZbMc5CS6a3o0iflafg18NNxPwh4DK%2B5KKomhyQ%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 8b3a20d179b29a15-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-hp85f
GET H2	200	201397790656822 Show response connect.facebook.net/signals/config/	70 KB 14 KB	96ms 96ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/201397790656822?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 76861f6d470210a2659de13bd9b3e39de48147be40e582c66087d7fca460e7b9 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 47 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=10, rtx=0, c=64, mss=1328, tbw=64390, tp=-1, tpl=-1, uplat=88, ullat=0 pragma public x-fb-debug Gqh0+y40fsd8it2++zrie6AUym1+YyUfY+SxlKo5v5BC32Ccz8+agbGKaZaN5is6PUcT855pUv6qcy+vCp6GdQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	otCenterRounded.json Show response cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/	9 KB 3 KB	36ms 35ms	Fetch application/json	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCenterRounded.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 64aff3262c56fa48ad38b8d9d4d674a6ee3759d1ce4cb52c66865e3fc2c16d2f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip cf-cache-status HIT content-md5 8iY1areeqAcFu6fI0Es3zg== age 60710 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 2597 x-ms-lease-status unlocked last-modified Thu, 01 Aug 2024 01:18:07 GMT server cloudflare etag 0x8DCB1C7CCD4EEB2 vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 92638a1d-b01e-0009-337a-e96e6f000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20d1ac9ebbb3-FRA expires Fri, 16 Aug 2024 15:13:22 GMT
GET H2	200	otCookieSettingsButton.json Show response cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/	5 KB 2 KB	27ms 26ms	Fetch application/json	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCookieSettingsButton.json Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT content-encoding gzip cf-cache-status HIT content-md5 O3m9h96R8jrQiO6UBOWOVA== age 5377 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 1738 x-ms-lease-status unlocked last-modified Thu, 01 Aug 2024 01:18:08 GMT server cloudflare etag 0x8DCB1C7CD85EB83 vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 4375bae1-301e-0028-667a-e94a14000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b3a20d1aca1bbb3-FRA expires Fri, 16 Aug 2024 15:13:22 GMT
GET H2	200	otCommonStyles.css Show response cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/	24 KB 4 KB	29ms 29ms	Fetch text/css	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCommonStyles.css Requested by Host: cookie-cdn.cookiepro.com URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 HyPJ72TNHxdfOI82cqKVqA== age 5377 x-ms-lease-status unlocked last-modified Thu, 01 Aug 2024 01:18:26 GMT server cloudflare vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 206a64ed-a01e-002a-487a-e9f4ac000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 8b3a20d1aca2bbb3-FRA expires Fri, 16 Aug 2024 15:13:22 GMT
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 813 B	262ms 240ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers Accept * Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:21 GMT content-encoding gzip x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: F4DA54003EC2437CAFE4FBFBA1BC8AD0 Ref B: FRAEDGE1318 Ref C: 2024-08-15T15:13:22Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-lva1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYfukiTV936YbKF0gbskQ== x-fs-uuid 00061fba489357ddfa61b285d206ec91
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFW...	0 264 B	463ms 189ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 96968A3BF8D247D89F60E78CC4BA001B Ref B: FRAEDGE1705 Ref C: 2024-08-15T15:13:22Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYfukibBIV8r87buUGxxA== Redirect headers date Thu, 15 Aug 2024 15:13:21 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 1D76B5990649428AA07FF535826D4BF6 Ref B: FRAEDGE1116 Ref C: 2024-08-15T15:13:22Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ x-li-proto http/2 content-length 0 x-li-uuid AAYfukiT7JJ7ohVY93WX0w==
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 697 B	124ms 105ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept * Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 15 Aug 2024 15:13:21 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 1703CA0BC29848E78DE7078BC7930384 Ref B: FRAEDGE1116 Ref C: 2024-08-15T15:13:22Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 access-control-allow-origin https://cymulate.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYfukiTVkikKASTsjUY1Q==
GET H2	200	ping Show response okt.to/	0 100 B	314ms 109ms	Script text/javascript	52.20.195.32 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://okt.to/ping?uri=%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&aid=001t441s05ft70x&ts=1723734802238 Requested by Host: static.oktopost.com URL: https://static.oktopost.com/oktrk.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.20.195.32 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-20-195-32.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; content-type text/javascript;charset=UTF-8
GET H/1.1	200 OK	unifiedPixel Show response tr.outbrain.com/	53 B 321 B	266ms 88ms	Fetch image/gif	70.42.32.63 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/unifiedPixel?au=true&bust=09925835668567107&referrer=&cht=ot&marketerId=00cac2de15d94f548d01b277003947c226&name=PAGE_VIEW&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&g=1&obApiVersion=1.0-gtm&obtpVersion=2.0.5 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS ny.outbrain.com Software / Resource Hash b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT cache-control no-cache content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload x-traceid 51823eaaaec6df3962a6d53145476b76 content-length 54 content-type image/gif;
GET H/1.1	200 OK	cachedClickId Show response tr.outbrain.com/	35 B 293 B	268ms 90ms	Script application/javascript	70.42.32.63 AS-OUTBRAIN
General Check archive.org Show headers Download Go to Full URL https://tr.outbrain.com/cachedClickId?marketerId=00cac2de15d94f548d01b277003947c226 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US), Reverse DNS ny.outbrain.com Software / Resource Hash 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload x-traceid dd0fc136f9a476fb5fbd84d8e44c49a0 content-length 39 content-type application/javascript
GET H/1.1	200 OK	00cac2de15d94f548d01b277003947c226 Show response wave.outbrain.com/mtWavesBundler/handler/	2 B 448 B	45ms 16ms	Script text/html	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://wave.outbrain.com/mtWavesBundler/handler/00cac2de15d94f548d01b277003947c226 Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload Date Thu, 15 Aug 2024 15:13:22 GMT ob-sent-time 1723699800611 ETag W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8" Content-Type text/html; charset=utf-8 Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=60 X-CC DE Connection keep-alive x-traceid 8eac4bccf1ca4c87438c6782fa8291ac Content-Length 2 Expires Thu, 15 Aug 2024 15:14:22 GMT
GET H/1.1	200 OK	topics Show response amplify.outbrain.com/	26 B 301 B	41ms 14ms	Fetch text/html	23.35.237.86 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://amplify.outbrain.com/topics Requested by Host: amplify.outbrain.com URL: https://amplify.outbrain.com/cp/obtp.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-35-237-86.deploy.static.akamaitechnologies.com Software / Resource Hash 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Thu, 15 Aug 2024 15:13:22 GMT Observe-Browsing-Topics ?1 Content-Type text/html Access-Control-Allow-Origin * X-RG EU Cache-Control max-age=1200 X-CC DE Connection keep-alive Content-Length 26 Expires Thu, 15 Aug 2024 15:33:22 GMT
GET H2	200	ot_close.svg cookie-cdn.cookiepro.com/logos/static/	651 B 580 B	25ms 25ms	Image image/svg+xml	2606:4700::6812:e3e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status HIT content-md5 pcXWFGpuVeSg/jVnYCseRg== age 85060 x-ms-lease-status unlocked last-modified Thu, 01 Aug 2024 01:18:25 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 2a99f935-f01e-0018-245d-e4f4db000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 cf-ray 8b3a20d21deb3626-FRA expires Fri, 16 Aug 2024 15:13:22 GMT
GET H3	200	818712168779601 Show response connect.facebook.net/signals/config/	27 KB 4 KB	74ms 73ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/818712168779601?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C130%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C123%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b2ffa6b06bc8eddcfd878a9e6393e761091c6ba3552d16a199c60d189691ce30 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 36 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4658, tp=12, tpl=0, uplat=65, ullat=0 pragma public x-fb-debug t3PWcnikudvBSuXmecDaler/B5sPkh8cMKEZmJAJ454o47Q+3UPIUi+ZeGBp6jPV4tGtkD10Y4/yBbuDb5wwtg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 273 B	23ms 8ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802286&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=2790, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 3 KB	157ms 142ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802286&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 54 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603069630108", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=3323, tp=-1, tpl=-1, uplat=134, ullat=0 pragma no-cache x-fb-debug /u3bgQdLUU6FwARegdNJZ7U2DbycBC4D5TwmUAkZQjNkgzJhwht31dJ4OXBlJOsYdmxc4xOiUo/IwcceHDvN4A== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603069630108"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 927 B	197ms 184ms	Image image/gif	2606:4700::6812:50cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8c249a5c-1430-4b7e-ac17-d1d28e435e15 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8c249a5c-1430-4b7e-ac17-d1d28e435e15 last-modified Thu, 15 Aug 2024 15:13:22 GMT server cloudflare vary origin, Accept-Encoding content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-6srhk access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false accept-ranges bytes x-robots-tag none cf-ray 8b3a20d26d3e90e0-FRA
GET H3	200	1273790856111869 Show response connect.facebook.net/signals/config/	22 KB 3 KB	76ms 76ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1273790856111869?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C130%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C123%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144%2C124 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 96a8fbd1711dfe1c6bfae78d6b293be5cade37ee755920998a17313d9c8de184 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 40 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=10704, tp=19, tpl=0, uplat=68, ullat=0 pragma public x-fb-debug NhzKprbPX6fagRFvW60BFfierV9GTk+q8ls/+3R7ZYoPf8yB+6NusxTWac5b6VLZ1duvqNeHugZpU9iwUe3yUg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 102 B	8ms 7ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802365&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=3177, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 852 B	80ms 80ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802365&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 69 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384602803921011", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=6330, tp=-1, tpl=-1, uplat=71, ullat=0 pragma no-cache x-fb-debug 4X1k8FIQKhHDdCZKbjMVE2BOsfZyyli+Pd4QJDSy6G6Da05+zlF+6mNiNFnDsiPwqBay/qKjxnb8f8WffKejpw== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384602803921011"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	/ www.facebook.com/tr/	0 19 B	9ms 8ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802447&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4898, tp=16, tpl=0, uplat=1, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H3	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 195 B	45ms 44ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802447&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 38 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603568931200", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=24, mss=1232, tbw=5618, tp=23, tpl=0, uplat=37, ullat=0 pragma no-cache x-fb-debug fDHtm4GP7ZCmVZBJDEiDsI8xSPvDt0KavhaZuVqG8RhJoW2zifWr72HHspR705YcrBkMDxEf/Z80rfFK/fTEOA== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603568931200"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	/ www.facebook.com/tr/	0 16 B	9ms 8ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=5218, tp=18, tpl=0, uplat=1, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H3	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 193 B	220ms 219ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Thu, 15 Aug 2024 15:13:22 GMT document-policy force-load-at-top x-fb-server-load 29 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603551508250", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=26, mss=1232, tbw=8402, tp=27, tpl=0, uplat=211, ullat=0 pragma no-cache x-fb-debug 5GfcI6KVZqEr7cIxxJRbN8rxbg0IgID2epnLMHvbQFo5xidEZPONe11lfyRhBqSNO7X0RFev1MzOv7iGkcBmrQ== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603551508250"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	/ www.facebook.com/tr/	0 16 B	10ms 10ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=5378, tp=20, tpl=0, uplat=1, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:22 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H3	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 192 B	1030ms 1030ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Requested by Host: cymulate.com URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x2bd7f739d90047cb","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["21:1605859652795144","21:1565555643480638","21:1828166850547590","7817:1605859652795144","7817:1565555643480638","7817:1828166850547590","573:1605859652795144","573:1565555643480638","573:1828166850547590","11478:1605859652795144","11478:1565555643480638","11478:1828166850547590","10853:1605859652795144","10853:1565555643480638","10853:1828166850547590","38:1605859652795144","38:1565555643480638","38:1828166850547590","8048:1605859652795144","8048:1565555643480638","8048:1828166850547590","603:1605859652795144","603:1565555643480638","603:1828166850547590"]},"debug_reporting":true,"debug_key":"1"} content-encoding zstd x-content-type-options nosniff content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; strict-transport-security max-age=15552000; preload document-policy force-load-at-top date Thu, 15 Aug 2024 15:13:23 GMT x-fb-server-load 37 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384601644303389", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=27, mss=1232, tbw=9330, tp=29, tpl=0, uplat=1021, ullat=0 pragma no-cache x-fb-debug eCrNUa9Oe52fWpAf3yedGNjuc5Ap3CFLwLSzOsYdml16DNiQk1kdLiQvBMveQrzoah4pJ9A7o0aoMrzL2Xrx7A== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384601644303389"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 0	42ms 15ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-6ZSMQQR9V4&gtm=45je48e0v887322098z878928481za200zb78928481&_p=1723734801786&gcs=G100&gcd=13p3pPp2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=621335572.1723734803&ecid=929221011&ul=de-de&are=1&frm=0&pscdl=denied&ec_mode=a&_geo=1&_rdi=1&_s=1&sid=1723734802&sct=1&seg=0&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&dt=Exploiting%20Pass-through%20Authentication%20Validation%20in%20Azure%20AD%C2%A0&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1489 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Thu, 15 Aug 2024 15:13:22 GMT server Golfe2 content-type text/plain access-control-allow-origin https://cymulate.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	landing pagead2.googlesyndication.com/pagead/	42 B 64 B	35ms 18ms	Ping image/gif	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p2p5&tag_exp=0&rnd=1356737669.1723734803&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&dma_cps=-&dma=1&npa=1&gtm=45He48e0n815Q2VT3Cv78928481za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Thu, 15 Aug 2024 15:13:22 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ a.clickcertain.com/px/cont/ Frame 6FBA	0 0	187ms 167ms	Document text/html	2606:4700:20::681a:932 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a.clickcertain.com/px/cont/?c=24335bac5f4f324&ccid=febeee48-248b-43ec-8272-82b7b77f76bf&cn=DE&rid=764a558d-63bb-473c-a743-13cea6fb6e75 Requested by Host: a.remarketstats.com URL: https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8b3a20d9e88e9b7c-FRA content-encoding br content-type text/html date Thu, 15 Aug 2024 15:13:23 GMT etag W/"ZmViZWVlNDhnMjQ4Ymc0M2VjZzgyNzJnODJiN2I3N2Y3NmJmLXow" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0xcZaXpCjnRGtxba4h0TcsIYzHsR2xE%2FKyI1dYiwc26qe1T3jxqvGQVvstTunPDo1M%2FOpbJIHRox5v48Eta8OUBvrEIqXCfaho2v3yCtQdsrQpNPiN3GxTRgSGmQoPMm7snDr62k%2BGgmuNHsOonqw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-frontend cc-nginx-8674cc857-h4wwj:cc-nginx-8674cc857-h4wwj x-requestid e9b2ccef-699f-4bbf-beba-243cc3af0381
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	199ms 169ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1240600147&v=1.1&a=4347852&rcu=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&pu=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&t=Exploiting+Pass-through+Authentication+Validation+in+Azure+AD%C2%A0&cts=1723734803487&vi=ea27e567b0671fcf4afeafa6bbe7b9e9&nc=true&u=145613419.ea27e567b0671fcf4afeafa6bbe7b9e9.1723734803484.1723734803484.1723734803484.1&b=145613419.1.1723734803484&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:23 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d1ec21e5-1f90-46d7-a8b8-e6c0113f528d p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 8 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d1ec21e5-1f90-46d7-a8b8-e6c0113f528d server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIkoL3YdyG7nH0EzmB47ky4cvehOKs62iIr35LQGIxIMEFJp%2Fe6jRTcbMd8Q5vpjNr0tso9rdT1VjkWpaqvfrmnUSsCC%2BG5RNGWKWEDa%2B8ZApIoT8Its2cm2UvblO6UeQ12Nem%2BL%2FfATM42EHHm6"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-rtlfs x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 8b3a20da085e5d39-FRA x-robots-tag none
GET H3	200	/ www.facebook.com/tr/	0 16 B	7ms 6ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734803488&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=11026, tp=33, tpl=0, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 15 Aug 2024 15:13:23 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H3	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 196 B	46ms 45ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734803488&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Thu, 15 Aug 2024 15:13:23 GMT document-policy force-load-at-top x-fb-server-load 48 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384606189072884", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=11266, tp=36, tpl=0, uplat=38, ullat=0 pragma no-cache x-fb-debug Q0Lpg2BxHNYZdR/zqjZkBWMhPxeroGdeS6zEBDR+tJuSl+AdDZqpFCYbSKYRjPaLn845guXQWzGi/PHmKxMUIA== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384606189072884"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	178 B 1 KB	146ms 146ms	XHR application/json	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=4347852&utk=ea27e567b0671fcf4afeafa6bbe7b9e9&__hstc=145613419.ea27e567b0671fcf4afeafa6bbe7b9e9.1723734803484.1723734803484.1723734803484.1&__hssc=145613419.1.1723734803484&currentUrl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fa2e3d82416c0d86daaf6fcb0d6c187ebc7cf2636859e8cdaef18c873cd9cb93 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:23 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e59d9aa6-9347-4bd8-95a9-f0c59ff6ba56 content-encoding br x-envoy-upstream-service-time 21 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e59d9aa6-9347-4bd8-95a9-f0c59ff6ba56 server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://cymulate.com x-evy-trace-virtual-host all cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-vls5k access-control-max-age 180 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20dllkpV3jCez7skk9BcnkAksgqM6GNG7laBZo7vIhp9FxuLYfwXLaRrf2TKioQ8LiKN2kPpOOwEltc%2FQwZGIAIqMAscIjvA6aaGJ911a%2FM8D0%2Fh9i4VQ3wfdGAuem3PYuD593BLxZ0e7L1flB3b"}],"group":"cf-nel","max_age":604800} x-robots-tag none access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 8b3a20d9ec239a15-FRA
GET H2	200	cymulate-logo-icon.png cymulate.com/uploaded-files/2021/09/	412 B 618 B	29ms 29ms	Other image/webp	2606:4700:10::ac43:ddf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cymulate.com/uploaded-files/2021/09/cymulate-logo-icon.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7e13738f614b52e0d861b7cd9342face18efe7314aca70bc63db7fc8f0a68121 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://cymulate.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Thu, 15 Aug 2024 15:13:24 GMT strict-transport-security max-age=31536000; includeSubDomains cf-cache-status HIT age 95543 cf-polished origFmt=png, origSize=4239 content-disposition inline; filename="cymulate-logo-icon.webp" content-length 412 cf-bgj imgq:100,h2pri last-modified Mon, 12 Jun 2023 08:35:36 GMT server cloudflare etag "6486d8d8-108f" vary Accept content-type image/webp cache-control public, max-age=7776000, no-transform accept-ranges bytes cf-ray 8b3a20e05f7371b8-FRA expires Tue, 12 Nov 2024 12:20:48 GMT