URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Submission: On August 15 via manual from US — Scanned from DE

Summary

This website contacted 32 IPs in 4 countries across 28 domains to perform 98 HTTP transactions. The main IP is 2606:4700:10::ac43:ddf, located in United States and belongs to CLOUDFLARENET, US. The main domain is cymulate.com. The Cisco Umbrella rank of the primary domain is 162526.
TLS certificate: Issued by WE1 on July 18th 2024. Valid for: 3 months.
This is the only time cymulate.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
35 2606:4700:10:... 13335 (CLOUDFLAR...)
9 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 151.101.8.157 54113 (FASTLY)
1 162.159.153.247 13335 (CLOUDFLAR...)
3 23.35.237.86 16625 (AKAMAI-AS)
1 52.85.65.125 16509 (AMAZON-02)
4 2a03:2880:f08... 32934 (FACEBOOK)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.72.154.65 14618 (AMAZON-AES)
1 93.184.221.165 15133 (EDGECAST)
1 104.244.42.195 13414 (TWITTER)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 52.20.195.32 14618 (AMAZON-AES)
2 70.42.32.63 22075 (AS-OUTBRAIN)
12 2a03:2880:f17... 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
98 32
Apex Domain
Subdomains
Transfer
35 cymulate.com
cymulate.com — Cisco Umbrella Rank: 162526
1 MB
12 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
5 KB
9 cookiepro.com
cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 13568
152 KB
5 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 4363
tr.outbrain.com — Cisco Umbrella Rank: 4248
wave.outbrain.com — Cisco Umbrella Rank: 4246
10 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
471 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 669
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
2 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
81 KB
4 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 8139
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8074
track.hubspot.com — Cisco Umbrella Rank: 5359
forms.hubspot.com — Cisco Umbrella Rank: 11636
28 KB
3 clickcertain.com
a.clickcertain.com — Cisco Umbrella Rank: 11744
3 KB
2 quora.com
a.quora.com — Cisco Umbrella Rank: 10322
q.quora.com — Cisco Umbrella Rank: 7176
15 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
64 B
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3123
1 hsforms.com
perf-na1.hsforms.com — Cisco Umbrella Rank: 8524
927 B
1 okt.to
okt.to — Cisco Umbrella Rank: 96138
100 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 1356
396 B
1 t.co
t.co — Cisco Umbrella Rank: 979
377 B
1 digitaloceanspaces.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 267216
2 KB
1 remarketstats.com
a.remarketstats.com — Cisco Umbrella Rank: 14824
571 B
1 oktopost.com
static.oktopost.com — Cisco Umbrella Rank: 113791
4 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1253
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 7580
1 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 11009
92 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 5067
19 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 7189
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 5135
25 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
303 B
1 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 14516
156 KB
98 28
Domain Requested by
35 cymulate.com cymulate.com
12 www.facebook.com cymulate.com
9 cookie-cdn.cookiepro.com cymulate.com
cookie-cdn.cookiepro.com
5 www.googletagmanager.com cymulate.com
www.googletagmanager.com
4 connect.facebook.net cymulate.com
connect.facebook.net
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 a.clickcertain.com 1 redirects cymulate.com
a.remarketstats.com
2 tr.outbrain.com amplify.outbrain.com
2 amplify.outbrain.com www.googletagmanager.com
amplify.outbrain.com
1 forms.hubspot.com js.hsleadflows.net
1 track.hubspot.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 perf-na1.hsforms.com cymulate.com
1 wave.outbrain.com amplify.outbrain.com
1 okt.to static.oktopost.com
1 px4.ads.linkedin.com cymulate.com
1 cta-service-cms2.hubspot.com js.hubspot.com
1 analytics.twitter.com cymulate.com
1 t.co cymulate.com
1 q.quora.com cymulate.com
1 metadata-static-files.sfo2.cdn.digitaloceanspaces.com cymulate.com
1 a.remarketstats.com 1 redirects
1 static.oktopost.com www.googletagmanager.com
1 a.quora.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 api.hubapi.com js.hsadspixel.net
1 js.hsleadflows.net cymulate.com
1 js.hs-banner.com cymulate.com
1 js.hsadspixel.net cymulate.com
1 js.hubspot.com cymulate.com
1 js.hs-analytics.net cymulate.com
1 geolocation.onetrust.com cookie-cdn.cookiepro.com
1 js.hsforms.net cymulate.com
98 35
Subject Issuer Validity Valid
cymulate.com
WE1
2024-07-18 -
2024-10-16
3 months crt.sh
cookiepro.com
E6
2024-07-17 -
2024-10-15
3 months crt.sh
*.google-analytics.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh
hsforms.net
WE1
2024-08-11 -
2024-11-09
3 months crt.sh
geolocation.onetrust.com
WE1
2024-08-13 -
2024-11-11
3 months crt.sh
hs-analytics.net
WE1
2024-08-09 -
2024-11-07
3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2024-01-06 -
2024-12-31
a year crt.sh
hsadspixel.net
WE1
2024-08-12 -
2024-11-10
3 months crt.sh
hs-banner.com
WE1
2024-07-27 -
2024-10-25
3 months crt.sh
hsleadflows.net
WE1
2024-07-31 -
2024-10-29
3 months crt.sh
hubapi.com
E6
2024-07-02 -
2024-09-30
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-25 -
2025-06-24
a year crt.sh
quora.com
R10
2024-07-29 -
2024-10-27
3 months crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1
2023-12-14 -
2024-12-14
a year crt.sh
*.oktopost.com
Amazon RSA 2048 M02
2024-07-29 -
2025-08-28
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-05-24 -
2024-08-22
3 months crt.sh
*.sfo2.cdn.digitaloceanspaces.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-20 -
2025-05-07
a year crt.sh
*.quora.com
R11
2024-07-29 -
2024-10-27
3 months crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-05-08 -
2025-05-07
a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-19 -
2024-09-17
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-07-01 -
2025-01-01
6 months crt.sh
okt.to
R10
2024-06-22 -
2024-09-20
3 months crt.sh
hsforms.com
WE1
2024-08-12 -
2024-11-10
3 months crt.sh
*.g.doubleclick.net
WR2
2024-07-30 -
2024-10-22
3 months crt.sh
clickcertain.com
WE1
2024-07-15 -
2024-10-13
3 months crt.sh

This page contains 2 frames:

Primary Page: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Frame ID: 4354A49A388F82C712824E058217BC11
Requests: 110 HTTP requests in this frame

Frame: https://a.clickcertain.com/px/cont/?c=24335bac5f4f324&ccid=febeee48-248b-43ec-8272-82b7b77f76bf&cn=DE&rid=764a558d-63bb-473c-a743-13cea6fb6e75
Frame ID: 6FBA3E4ECA5CDD9DBBDC32D775538E23
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Exploiting Pass-through Authentication Validation in Azure AD 

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

98
Requests

98 %
HTTPS

69 %
IPv6

28
Domains

35
Subdomains

32
IPs

4
Countries

2374 kB
Transfer

5417 kB
Size

26
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69
  • https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad HTTP 302
  • https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad HTTP 302
  • https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75
Request Chain 81
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ

98 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
301 KB
53 KB
Document
General
Full URL
https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57294d13fa4aef7d107077478682297f6c2812cd13db25a11b6493b4bded78e9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8b3a20cc0b6271b8-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 15 Aug 2024 15:13:21 GMT
link
<https://cymulate.com/wp-json/>; rel="https://api.w.org/" <https://cymulate.com/wp-json/wp/v2/blog/22918>; rel="alternate"; title="JSON"; type="application/json" <https://cymulate.com/?p=22918>; rel=shortlink
permissions-policy
autoplay=(self), geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
referrer-policy
no-referrer-when-downgrade origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding
x-cache
HIT: 5
x-cache-group
normal
x-cacheable
SHORT
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js
cymulate.com/wp-content/cache/min/1/js/
578 B
698 B
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/js/mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e92096bd29fcb17b27edf69b590575685720d412144871ec907576a027561e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
10733
etag
W/"66ba2076-242"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20ceef3371b8-FRA
expires
Wed, 21 Aug 2024 12:21:13 GMT
starter-scripts.js
cymulate.com/wp-content/themes/cymulate-2022/build/js/
848 B
1 KB
Script
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/js/starter-scripts.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Fri, 09 Aug 2024 16:37:46 GMT
server
cloudflare
age
95552
cf-polished
origSize=1554
etag
W/"66b645da-612"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20cedf1a71b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
Poppins-Regular.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/
154 KB
155 KB
Font
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Regular.ttf
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:39:32 GMT
server
cloudflare
age
10733
etag
"66b64644-269f0"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b3a20ceef2b71b8-FRA
content-length
158192
init-gtm.js
cymulate.com/wp-content/themes/cymulate-2022/build/js/
994 B
1 KB
Script
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a80fb50f58320df02bb209faa75baed165759153874be28cdc35e87cfd470fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 13:38:13 GMT
server
cloudflare
age
10733
cf-polished
origSize=1187
etag
W/"66ba1045-4a3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20ceef2f71b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
OtAutoBlock.js
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/
16 KB
4 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/OtAutoBlock.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07f134f5be6766081057b1d18f253f6da67f1efcd2bbbe601273ead941489544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
gzip
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
19038
content-md5
Nt/Zdl5+UEbwO0LgtrY2/w==
content-length
3994
x-ms-lease-status
unlocked
last-modified
Mon, 12 Aug 2024 09:30:16 GMT
server
cloudflare
etag
0x8DCBAB1606DD4A0
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
283d8289-d01e-0052-3f9a-ec5754000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20cf09bf3626-FRA
otSDKStub.js
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/
20 KB
7 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea14b302d2386504b249b182fac6bdeff4b77b71921945c4cf70e73550ab503d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
gzip
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
19038
content-md5
pbJJi2bi48pCi90v1avuPA==
content-length
6924
x-ms-lease-status
unlocked
last-modified
Mon, 12 Aug 2024 09:30:16 GMT
server
cloudflare
etag
0x8DCBAB1606EBE01
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
81e57a90-201e-0034-799a-ec1874000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20cf09bd3626-FRA
Poppins-Light.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/
156 KB
156 KB
Font
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Light.ttf
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0499eb6bef276af5e98726f6476ad2a09fa0a792e430be776811890b0a9e4b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:39:28 GMT
server
cloudflare
etag
"66b64640-27068"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b3a20ceef3271b8-FRA
content-length
159848
Poppins-Medium.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/
153 KB
153 KB
Font
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Medium.ttf
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e554db189b5d944ef0e6f98ee0e4e8c75f69e95315dc9f4ae0c616a8756a2ba4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:39:29 GMT
server
cloudflare
age
95552
etag
"66b64641-26340"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b3a20ceef3571b8-FRA
content-length
156480
Poppins-SemiBold.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/
152 KB
152 KB
Font
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-SemiBold.ttf
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:39:36 GMT
server
cloudflare
age
10733
etag
"66b64648-25e38"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b3a20ceef3771b8-FRA
content-length
155192
Poppins-Bold.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/
150 KB
151 KB
Font
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Bold.ttf
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c24de5695a67f26e8e1a2770f7a62f82d1aae59a68c498412bf7986beeb7d84b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:39:33 GMT
server
cloudflare
age
10733
etag
"66b64645-2592c"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b3a20ceef3871b8-FRA
content-length
153900
gtm.js
www.googletagmanager.com/
336 KB
111 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7a3e40f5aae1d91a54d5485ad9d6d0647261d98a9e7b3bdcc3ac4470de6ffba7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
113426
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Aug 2024 15:13:21 GMT
gtm.js
www.googletagmanager.com/
183 KB
66 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N8MJTXDC
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c99760d7ed551cd0175afcc97ecb090823e535b0d91f19443993e15c9feb5116
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
67526
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Aug 2024 15:13:21 GMT
research-team.png.webp
cymulate.com/uploaded-files/2022/03/
17 KB
17 KB
Image
General
Full URL
https://cymulate.com/uploaded-files/2022/03/research-team.png.webp
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2223ff06c80eafecd7007744ffd5e885c876bbb3b7a1fdd6f6072fd8c85f4e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Mon, 12 Jun 2023 09:10:40 GMT
server
cloudflare
etag
"6486e110-42c8"
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20cf6fe871b8-FRA
content-length
17096
expires
Tue, 12 Nov 2024 19:15:34 GMT
jquery.min.js
cymulate.com/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://cymulate.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
95547
etag
W/"64ecd5ef-15601"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0088071b8-FRA
expires
Wed, 21 Aug 2024 12:21:15 GMT
jquery-migrate.min.js
cymulate.com/wp-includes/js/jquery/
13 KB
5 KB
Script
General
Full URL
https://cymulate.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
10733
etag
W/"6482bd64-3509"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0188671b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
form-awesome-public.js
cymulate.com/wp-content/cache/min/1/wp-content/plugins/form-awesome-plugin/public/js/
419 B
493 B
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/plugins/form-awesome-plugin/public/js/form-awesome-public.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0425a8f82b801c86dc4a6718f77b6675fbde4032abfe3601e846f53f6419df8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
10733
etag
W/"66ba2076-1a3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0188771b8-FRA
expires
Wed, 21 Aug 2024 12:21:13 GMT
v2.js
js.hsforms.net/forms/
483 KB
156 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:8d77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
305
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5781/bundles/project-v2.js&cfRay=8b3a195ae99218c3-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"07033d485ccfcdda144e7a4173dbc0bc"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5781/bundles/project-v2.js
date
Thu, 15 Aug 2024 15:13:21 GMT
via
1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-version-id
__TkXxzKt.v8sm6CVT1EUR2QdTtEmM_4
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
87a221dc-a256-43e1-aa33-61c90381b20f
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
87a221dc-a256-43e1-aa33-61c90381b20f
last-modified
Wed, 07 Aug 2024 13:25:19 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NdrzHVz2U5qwLxw9F1QOyZ96L%2Fz4rBdWkTsmNTf%2Fee09MS1q6wzbrbsTwvw9VueNaeOJNtvWrOy5E1Y9XlzRnArlOFEXtVN%2B7dQh9aEQDAyG8iuuZVP3UYviZP3mADD52fgEOgMlKjs1339e"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-fj2sp
cf-ray
8b3a20cf8dd737f1-FRA
x-amz-cf-id
_vrbhsFLSga4hwKpeqpCvc-Gz-upeZhwqa257wwfJbKx435p_Qfu9Q==
Logo.png.webp
cymulate.com/uploaded-files/2024/07/
2 KB
2 KB
Image
General
Full URL
https://cymulate.com/uploaded-files/2024/07/Logo.png.webp
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22f7af7c1f0fda7b15222161020de20537ce540f08ba19284bb2e27def8e2f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Sun, 14 Jul 2024 06:45:36 GMT
server
cloudflare
age
10733
etag
"66937410-6fa"
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20d0188a71b8-FRA
content-length
1786
expires
Tue, 12 Nov 2024 12:21:12 GMT
email-decode.min.js
cymulate.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
801 B
Script
General
Full URL
https://cymulate.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 09 Aug 2024 15:30:02 GMT
server
cloudflare
content-encoding
gzip
etag
W/"66b635fa-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
8b3a20cf7ff871b8-FRA
expires
Sat, 17 Aug 2024 15:13:21 GMT
jquery.visible.min.js
cymulate.com/wp-content/themes/cymulate-2022/assets/
885 B
640 B
Script
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.visible.min.js?ver=21.7.27.04
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a303026a1e158c61d96ba96010352c24957181ee22828ce2b54cdd60c813529
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:34:12 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
95547
etag
W/"66b64504-375"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0188c71b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
jquery.fancybox.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/
88 KB
88 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/jquery.fancybox.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc61255a9862df6aabf82c0fdc17ad5eed0e763ed6b92b95cfb1e8d679ea4e8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
cf-polished
origSize=89762
etag
W/"66ba2076-15ea2"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0188d71b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
slick.min.js
cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/
42 KB
11 KB
Script
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/slick.min.js?ver=21.7.27.04
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceffda0001c0a6edf0cae48244e72c46d66bb5a75618d4ed5c03d0d24cd106eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:40:52 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
10733
etag
W/"66b64694-a779"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0188f71b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
longbow.slidercaptcha.min.js
cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/
7 KB
3 KB
Script
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/longbow.slidercaptcha.min.js?ver=21.7.27.04
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e051bcd1aa1760cd154bda6aeb6dc3b4c34633cfdbfa5418ae2243cdecb87599
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Aug 2024 16:38:12 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
10733
etag
W/"66b645f4-1ae9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189171b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
jquery.validate.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/
31 KB
31 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/assets/jquery.validate.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94561d4d205db4224fdb2c247542009d40537aaf869dc8fda63912916f4e6543
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
cf-polished
origSize=31688
etag
W/"66ba2076-7bc8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189271b8-FRA
expires
Wed, 21 Aug 2024 12:21:15 GMT
starter-scripts.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
832 B
918 B
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/starter-scripts.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ceb950911d2b12a1cd67b2221b6dd703bb9743e8d960f7eb751c763bb1103a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
etag
W/"66ba2076-340"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189371b8-FRA
expires
Wed, 21 Aug 2024 12:21:15 GMT
general-scripts.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
24 KB
25 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/general-scripts.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
984b17f585481fdbb2424e13bbb78e346023740f08f06958a428fbba1dbc0ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
10733
cf-polished
origSize=25021
etag
W/"66ba2076-61bd"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189471b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
scripts.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
648 B
746 B
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/scripts.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
060d75de17d3e951c3ddbbd52f016c035789b8151676b1e2b3963f9c85623397
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
etag
W/"66ba2076-288"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189771b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
main-scripts.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
20 KB
21 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/main-scripts.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41b4a5838294c17b4b8e8c380c13f4aa105e8ee20bfb78527afc8fda14216c49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
10733
etag
W/"66ba2076-51c9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189971b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
cookie-scripts.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
2 KB
2 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/cookie-scripts.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dea6803bb490d3ced7f64b025151e27e9cb6fb79e72b6b7df5fe2ce93477dae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
10733
etag
W/"66ba2076-74e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189c71b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
ajax.js
cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/
1 KB
2 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/themes/cymulate-2022/build/js/ajax.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10dd819ad5850f580e622143a919a6f338b73f815e912a2062692c25f7c1f10b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
etag
W/"66ba2076-5bd"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d0189e71b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
widget.js
cymulate.com/wp-content/cache/min/1/reviews/public/Widget/js/
9 KB
9 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/reviews/public/Widget/js/widget.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5d56faa79ac6b2f06f6f63e4c93f3537aec12d5b23e9afa18ca8c7716641132
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
etag
W/"66ba2076-2447"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d018a071b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
front.js
cymulate.com/wp-content/cache/min/1/wp-content/plugins/code-block-pro/build/front/
6 KB
6 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/wp-content/plugins/code-block-pro/build/front/front.js?ver=1723704115
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a82bb710867f55be7db0b626115e5b2077e637aa61d636057fedfeb52def9056
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 15 Aug 2024 06:41:55 GMT
server
cloudflare
age
10733
etag
W/"66bda333-180f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d018a271b8-FRA
expires
Thu, 22 Aug 2024 06:43:37 GMT
lazyload.min.js
cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/
9 KB
3 KB
Script
General
Full URL
https://cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 14 Jul 2024 06:41:29 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
age
10733
etag
W/"66937319-22bc"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d018a371b8-FRA
expires
Wed, 21 Aug 2024 12:21:14 GMT
4347852.js
cymulate.com/wp-content/cache/min/1/
2 KB
2 KB
Script
General
Full URL
https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd1fd2875192579d70e969183c30fa0c470be73a0fbf01f356599c097878b27d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 12 Aug 2024 14:47:18 GMT
server
cloudflare
age
95547
etag
W/"66ba2076-956"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800, no-transform
cf-ray
8b3a20d018a671b8-FRA
expires
Wed, 21 Aug 2024 12:21:12 GMT
a25e10f7-7a3d-4179-8c72-630ea8882180.json
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/
5 KB
2 KB
XHR
General
Full URL
https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/a25e10f7-7a3d-4179-8c72-630ea8882180.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
892bd60ea96f88ef10e5fc372d6d34fe4f9de4460660e0596b8358e91875873f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
gzip
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
19038
content-md5
tMXB6RKYXEe5YWrLu9nTNA==
content-length
1793
x-ms-lease-status
unlocked
last-modified
Mon, 12 Aug 2024 09:30:16 GMT
server
cloudflare
etag
0x8DCBAB16046A285
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
884737f8-201e-0069-1e9a-ec12f0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20cf995fbbb3-FRA
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
908f709b6824f7973fefc1778ab7ee4d664cbbb9c124ab75785ea03019c4c7b4

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e461fa71ab99d660c0f0310212a00c827711c2f031ab5b44d37932c8d4b63d64

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6b9ece1299ec1617b7cdb30ce252ec01cbbe54c4e6867ce7ad8678afad6c0ae

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af0aaeda573b7b3566b9ec8ecace3246309814d39fea16d7667f5c4ee96bcc8e

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d4e233e8560d0403b932a14bbd2f0fcf7b1ab1c2be71842e14341cd92921c9e

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
66 B
303 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8b3a20d04ea11941-FRA
access-control-allow-headers
Content-Type
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9250c36f23dfaecaf750e3bc3c57c589032f5a32d5d7429b43429a2e3f53549

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4a868e1d129025f9907e1738c10688b5aa86c7911b34ecfab4f21e70f1e1b3d

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a9fded7e9c8304198cc3799357a93505196f2427686312588df98626f21a201c

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4032f7f315f7c69204e0f8c20889cb0e035d9e6d3d45af72e2f2e01091b3e36

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c16903de05444718bddc810c3db525b6292baf5fd3788bf0ef4f5384d52934a7

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7ac2e76a6c07b4ed8bef78f303d08167cec1561a99e1c8f5f1c247294ba9b5ad

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
639cd9a9b675392f0a38786644000084d9bdb5a8c8e374321351da4e58945b8c

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
38483bf56e4a876f08814cd0643d4c7a2f5b9fb9bcd1e0152b764644ab22fa69

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
4347852.js
js.hs-analytics.net/analytics/1723473900000/
69 KB
25 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1723473900000/4347852.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9bb517bf2cef096550eda67cb2a9d5aed019108b177f84c4b010670b06106c6

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
72BMWRER8EP54BT5
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
4773a539-86d0-463e-ac4a-36a15dc40ff4
age
44
x-envoy-upstream-service-time
67
x-amz-id-2
cXrrK3zc0gAUawwW7N54ulmOlhuiBATeGSH9OhkOqEN4EhCfLw/JtKeXtv/gITJgRbl3aqTnsSI=
x-evy-trace-listener
listener_https
x-request-id
4773a539-86d0-463e-ac4a-36a15dc40ff4
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 14 Aug 2024 17:29:23 GMT
server
cloudflare
etag
W/"1c78ed946f27f79de39285ed2d35a026"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-k5ntq
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8b3a20d08f4d4d28-FRA
expires
Thu, 15 Aug 2024 15:17:38 GMT
web-interactives-embed.js
js.hubspot.com/
83 KB
24 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a58fb4ba57e791839c580c3ab186ee45d39e5558c62fa910a531e2225be9331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1347/bundles/project.js&cfRay=8b3a20d08ff39a15-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"d5eb842cb627d3498b8eea8cb51bd4ba"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.1347/bundles/project.js
date
Thu, 15 Aug 2024 15:13:22 GMT
via
1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-version-id
qlSsOogDzDfjHYWqoRnPM3MeITU5eHaq
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
e3719e6c-09a1-4ad8-92a8-493df63316b4
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-evy-trace-route-configuration
listener_https/all
x-request-id
e3719e6c-09a1-4ad8-92a8-493df63316b4
last-modified
Tue, 13 Aug 2024 14:43:57 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99v6d9jkcx7JKBcexaPdMAD2WOG9s%2BjnEQ42uAQqtBn7i6RxkrfXwkZpFky8u%2Ffa7sIEDiFtej1DzihZuDia62Y84Z%2BH%2FLDvgletScQlR6veYZ61sX8tJdLZSPglFoWKJ6mqxPQwYBuwluXP"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-bhgvl
cf-ray
8b3a20d08ff39a15-FRA
x-amz-cf-id
ir4-YHfsxeN-3dOLyC-2X9aFdrgtswHDIkZs-hdZsw8CMdbYwzxQJw==
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e1b1a37caa8b7627123aeb0e23ad3a2ac14d4ad48be7aabb2ca7ca9da218ef5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
via
1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-amz-version-id
UIOsIr3qFS9r3wFn4ECf3yNr1.R8N2aA
cf-cache-status
HIT
x-content-type-options
nosniff
x-amz-cf-pop
IAD12-P3
age
501
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.572/bundles/pixels-release.js&cfRay=8b3a1495588e5d9c-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
2dca57d9-154e-40bd-9b2a-c3870e8d8121
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2dca57d9-154e-40bd-9b2a-c3870e8d8121
last-modified
Tue, 06 Aug 2024 19:11:03 UTC
server
cloudflare
etag
W/"45a803cc17701ff8c7710294960c14c7"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
MISS
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-tmvlw
cf-ray
8b3a20d08c0b1c30-FRA
x-amz-cf-id
XaDx42smCAbxpBEc781_UWIK6hL_0hGlUCFBdFo3cNUvjFqadiKULA==
x-hs-target-asset
adsscriptloaderstatic/static-1.572/bundles/pixels-release.js
4347852.js
js.hs-banner.com/
65 KB
19 KB
Script
General
Full URL
https://js.hs-banner.com/4347852.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:17b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f790dbbcf9f8ae42200fc5ebcbe945aae0a49709ab702f01b80439cb577d7860

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
x-amz-version-id
ojgBMBedjmcJmNCAyoRr1hPmxr5rDq1r
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
CPJNVQNN3AJQW4Z8
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
f973b703-0681-47d3-9156-c3d84ce71ba3
age
44
x-envoy-upstream-service-time
16
x-amz-id-2
Y4TECeXz/rNPt2XuSOkwP4K3Y1hELglAI0bpD8ihvd1zLO1ZTYmQrsae1bxYppdsfpHC81bMit0=
x-evy-trace-listener
listener_https
x-request-id
f973b703-0681-47d3-9156-c3d84ce71ba3
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 17 May 2024 10:12:55 GMT
server
cloudflare
etag
W/"810e9cc7361c9d897628e9a486cbb8c9"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://cymulate.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8b3a20d08b0818cb-FRA
expires
Thu, 15 Aug 2024 15:17:38 GMT
leadflows.js
js.hsleadflows.net/
551 KB
92 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/wp-content/cache/min/1/4347852.js?ver=1723474038
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
20079
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js&cfRay=8b1f2a37e8da4d94-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b6c788efa3b3fd53687b2c92c85a5a5f"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js
date
Thu, 15 Aug 2024 15:13:22 GMT
x-amz-version-id
TIDmoMti0Vib7LJNFwT63dnpWuuDUZfu
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
dbe73416-6ea7-412b-b48b-b08fd88423c5
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-request-id
dbe73416-6ea7-412b-b48b-b08fd88423c5
last-modified
Tue, 23 Jul 2024 12:57:23 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-fj2sp
cf-ray
8b3a20d079ee65c9-FRA
x-amz-cf-id
_NCqhmI2H_nl2ZbJTVjrsxAeEeKo1W4CFpOZFBGUH6PdtPOOPFSb2w==
otBannerSdk.js
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/
452 KB
110 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb60550070f9a5ce5d91b9cb0d34ee6777a3dcb25de950cb185d1c2b624b2590
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
btqcTGGxKzfJ1KoWzOA9vQ==
age
31457
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
112185
x-ms-lease-status
unlocked
last-modified
Thu, 01 Aug 2024 01:18:16 GMT
server
cloudflare
etag
0x8DCB1C7D285B359
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1f6da534-401e-0040-64c6-e32c84000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20d09b8e3626-FRA
expires
Fri, 16 Aug 2024 15:13:22 GMT
Code-Pro-JetBrains-Mono.woff2
cymulate.com/wp-content/plugins/code-block-pro//build/fonts/
68 KB
68 KB
Font
General
Full URL
https://cymulate.com/wp-content/plugins/code-block-pro//build/fonts/Code-Pro-JetBrains-Mono.woff2
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bceff0710e3a7fe5b3622265c48b6fbc055cf071df80ef5f36ffc69550296664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
Origin
https://cymulate.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 10:36:02 GMT
server
cloudflare
age
5632
etag
"66ab6512-10f40"
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20d0d96871b8-FRA
content-length
69440
expires
Wed, 13 Nov 2024 06:40:58 GMT
Figure_1_PTA_authentication_process.jpg
cymulate.com/uploaded-files/2024/08/
79 KB
79 KB
Image
General
Full URL
https://cymulate.com/uploaded-files/2024/08/Figure_1_PTA_authentication_process.jpg
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86236fd9addfae28b79d07cd2abfbb3410e1708a29c71717068cf8ecd230f6d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
10814
cf-polished
origSize=80558
content-length
80525
cf-bgj
imgq:100,h2pri
last-modified
Tue, 13 Aug 2024 08:37:32 GMT
server
cloudflare
etag
"66bb1b4c-13aae"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20d0e98771b8-FRA
expires
Wed, 13 Nov 2024 06:40:50 GMT
blog-single-bg-desktop.png
cymulate.com/wp-content/themes/cymulate-2022/build/images/
6 KB
6 KB
Image
General
Full URL
https://cymulate.com/wp-content/themes/cymulate-2022/build/images/blog-single-bg-desktop.png
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c041cf82f0fc11784e05ff44e069061dc0eeb2d53bb286fbe9f900975fe95a6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
8503
cf-polished
origFmt=png, origSize=19098
content-disposition
inline; filename="blog-single-bg-desktop.webp"
content-length
6094
cf-bgj
imgq:100,h2pri
last-modified
Fri, 09 Aug 2024 16:36:57 GMT
server
cloudflare
etag
"66b645a9-4a9a"
vary
Accept
content-type
image/webp
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20d0e98c71b8-FRA
expires
Tue, 12 Nov 2024 12:33:30 GMT
Figure_1_PTA_authentication_process-1024x480.jpg.webp
cymulate.com/uploaded-files/2024/08/
38 KB
39 KB
Image
General
Full URL
https://cymulate.com/uploaded-files/2024/08/Figure_1_PTA_authentication_process-1024x480.jpg.webp
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b64bd8647b659618f2c3588c8ebcc585df43797bc6e0dbc3070b2e682809f62b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Tue, 13 Aug 2024 08:37:42 GMT
server
cloudflare
age
8500
etag
"66bb1b56-9988"
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20d0e98971b8-FRA
content-length
39304
expires
Wed, 13 Nov 2024 09:33:42 GMT
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
188 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=4347852
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f46c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19d2fd49a43025a4ba1f072aeb94e9f9f5ae3e2954fb4a64972d6f4527b3003a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
451901d4-72f7-4661-8ad1-f7017234099b
content-encoding
br
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
451901d4-72f7-4661-8ad1-f7017234099b
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cymulate.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-78c8468c8b-kbddh
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hG6gN8BY7sIJzjMoUhNTm%2FywfRWZazjQSVJLEbu9Hc0NPBk%2BbUFl2gCpv%2BDxxGU7HwMVQs9TfXin8w0SP1PpGvaPrI3ZdPXuwxWVl9VW1orJ20%2FkA6atkIzx0b%2FZzojpgx4Ys%2BbaEfom6%2FV"}],"group":"cf-nel","max_age":604800}
cf-ray
8b3a20d11b3e9152-FRA
access-control-allow-headers
*
js
www.googletagmanager.com/gtag/
319 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9d6233deb90857bf8dd9cb36caa92c44f0f7084ab00782746e7913b382fa21b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108037
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Aug 2024 15:13:22 GMT
destination
www.googletagmanager.com/gtag/
274 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-859674832&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
340c38400e5868a170944b5cf8a7a7e169c439c9fcf2f73a2468750c6a26e1d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96143
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Aug 2024 15:13:22 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2024 05:33:09 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=33350
accept-ranges
bytes
content-length
14597
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.8.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-eddf8230050-FRA
qevents.js
a.quora.com/
41 KB
15 KB
Script
General
Full URL
https://a.quora.com/qevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
x-amz-version-id
jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
M04HPBTPY5GDBBF5
age
12087577
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
last-modified
Thu, 28 Mar 2024 17:33:19 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:87b5ecaafd0e88097cbbb1bbb7695fe9
etag
W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
vary
Accept-Encoding
content-type
text/plain
cache-control
public, max-age=14400
cf-ray
8b3a20d14b6f9bf5-FRA
expires
Thu, 15 Aug 2024 19:13:22 GMT
obtp.js
amplify.outbrain.com/cp/
28 KB
9 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 15 Aug 2024 15:13:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Jul 2024 07:46:01 GMT
Server
AkamaiNetStorage
ETag
"484f007d650a3fc9fe7590700b8bf590:1721634587.188058"
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-RG
EU
Cache-Control
max-age=1200
X-CC
DE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8617
Expires
Thu, 15 Aug 2024 15:33:22 GMT
oktrk.js
static.oktopost.com/
9 KB
4 KB
Script
General
Full URL
https://static.oktopost.com/oktrk.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.65.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-65-125.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 06:39:57 GMT
content-encoding
gzip
via
1.1 6b15d1c60d9f387a4132de8eb9595b1e.cloudfront.net (CloudFront)
last-modified
Mon, 27 Jan 2020 09:47:41 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P6
age
30806
etag
W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
8NSxflsh_FcDWKopO8WHLYi9pWvXEKDYMY6JwDL3d1Ry8YfPg8xcvQ==
fbevents.js
connect.facebook.net/en_US/
225 KB
60 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
63
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58865
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1328, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
ORL5h6StXp7lCiAX7lINYlT3qil59F678Lii0JXEL5yiupXtZLKgZzCio9yS4YisFrv70xC6UXuxalMBZ7ksZQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
274 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-859674832
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c75f371cc2e9a10b24fe0f56d192a9bb84e36354506f478a26d92d730b3dda66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96028
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Aug 2024 15:13:22 GMT
/
a.clickcertain.com/px/
Redirect Chain
  • https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad
  • https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad
  • https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75
5 KB
2 KB
Script
General
Full URL
https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Server
2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64092de47640d7ebb501b0dceb1aaa02fedca06e65c668882e86a081eb86eeb9

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
br
x-frontend
cc-nginx-8674cc857-h4wwj:cc-nginx-8674cc857-h4wwj
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
0a95fc41-11ef-4641-8016-a446c0bb4f20
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uCxifp5vYYMdVznaeI1GeaxLS8Urmm8sByL74VKTNszt2XnO2%2F1h%2F4NMkIJVR5YIASSBOd5nFe2KDqwQVgL2acrvVumj1rvpThTU4aZM6isbKe%2BV%2BGXVIAxhxkd55Tx0qGpFxbKfY3Slfo5ShEz%2FyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cf-ray
8b3a20d2de27a034-FRA

Redirect headers

date
Thu, 15 Aug 2024 15:13:22 GMT
x-frontend
cc-nginx-8674cc857-fcgv5:cc-nginx-8674cc857-fcgv5
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
764a558d-63bb-473c-a743-13cea6fb6e75
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76%2BVJvl4F8xRWRn115LFf4lB0muiyKzzqwwCHBaxoiRmTLsk4awFm8UFspFfcDrjBYtscdJmC6swnHMjGqaY2c3wU%2BhuH48r28bjUzP0ePVjwtYGExi7kcaI8w2AYzlUSWJa5U69e0fp1ytoUndQTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
location
https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=764a558d-63bb-473c-a743-13cea6fb6e75
cf-ray
8b3a20d23d3ba034-FRA
lp.js
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/
6 KB
2 KB
Script
General
Full URL
https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:cc0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a
age
84453
x-envoy-upstream-healthchecked-cluster
last-modified
Thu, 22 Sep 2022 17:10:43 GMT
server
cloudflare
etag
W/"9a8767fa98da937fb02cdbbc52a101bb"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type
application/x-javascript
x-do-cdn-uuid
80b6018b-293e-4962-9bc8-48075e637d03
x-rgw-object-type
Normal
cache-control
max-age=604800
cf-ray
8b3a20d14cd5048f-FRA
pixel
q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/
43 B
422 B
Image
General
Full URL
https://q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.154.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-154-65.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 15 Aug 2024 15:13:22 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Server
nginx
Connection
keep-alive
Content-Length
43
X-Q-Stat
,39cde6d10cdb625868d16f30dc5b147f,10.0.0.149,3208,45.141.152.72,,401776295845,1,1723734802.444,0.002,,.,0,0,0.000,0.004,-,0,0,203,277,138,10,26847,,,,,,-,
Content-Type
image/gif
en.json
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/01912cd2-c94b-701b-a076-85ba62638933/
91 KB
19 KB
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/01912cd2-c94b-701b-a076-85ba62638933/en.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cfc1c4a8a1538804c897ce2127c9f876929b9521bd1b01b9616d100c166ab76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
60710
content-md5
EzeJ+xrDYld8Fspa+5oO1w==
content-length
18817
x-ms-lease-status
unlocked
last-modified
Mon, 12 Aug 2024 09:30:21 GMT
server
cloudflare
etag
0x8DCBAB1634B7592
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
d7e92660-801e-0002-0b9a-ec9504000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20d12bf1bbb3-FRA
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=8b25a7d6-8cc7-45c9-abe4-a47f3881998c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79cfa7cf-7e7b-4b97-94d0-9cd68b760e7e&tw_document_href=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time
175
date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
049455ceab2ddadd
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
52b95ce36bcb24ca728fb674adcd2ebe75c277ca847207a8d7ea1fb4a473c678
content-length
43
adsct
analytics.twitter.com/i/
43 B
396 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8b25a7d6-8cc7-45c9-abe4-a47f3881998c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79cfa7cf-7e7b-4b97-94d0-9cd68b760e7e&tw_document_href=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time
176
date
Thu, 15 Aug 2024 15:13:21 GMT
strict-transport-security
max-age=631138519
server
tsa_f
content-type
image/gif;charset=utf-8
x-transaction-id
7b99b809197b9b2a
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
19a7f49f29f6d8728f6286b92f92702e5b9d5a47026d298793713840efb6edbd
content-length
43
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
95 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=4347852&currentUrl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c9185884-1c8e-414d-9d70-59b5e4cedcdf
content-encoding
br
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c9185884-1c8e-414d-9d70-59b5e4cedcdf
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cymulate.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0CLqfQHzLOh8MK2ajXeTq3JcZFFwh41HShADQOJGE6iN7IxDXw8zQgiep3ZpLVZyUsOwwf8hlFAYr9OHJy2VgeeQPJ8I9XXifdvftre3ohpb%2B3lHUV%2FbWX2X5fs3ZbMc5CS6a3o0iflafg18NNxPwh4DK%2B5KKomhyQ%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8b3a20d179b29a15-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-hp85f
201397790656822
connect.facebook.net/signals/config/
70 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/201397790656822?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
76861f6d470210a2659de13bd9b3e39de48147be40e582c66087d7fca460e7b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
47
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=10, rtx=0, c=64, mss=1328, tbw=64390, tp=-1, tpl=-1, uplat=88, ullat=0
pragma
public
x-fb-debug
Gqh0+y40fsd8it2++zrie6AUym1+YyUfY+SxlKo5v5BC32Ccz8+agbGKaZaN5is6PUcT855pUv6qcy+vCp6GdQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
otCenterRounded.json
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCenterRounded.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64aff3262c56fa48ad38b8d9d4d674a6ee3759d1ce4cb52c66865e3fc2c16d2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
8iY1areeqAcFu6fI0Es3zg==
age
60710
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2597
x-ms-lease-status
unlocked
last-modified
Thu, 01 Aug 2024 01:18:07 GMT
server
cloudflare
etag
0x8DCB1C7CCD4EEB2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
92638a1d-b01e-0009-337a-e96e6f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20d1ac9ebbb3-FRA
expires
Fri, 16 Aug 2024 15:13:22 GMT
otCookieSettingsButton.json
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCookieSettingsButton.json
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
O3m9h96R8jrQiO6UBOWOVA==
age
5377
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1738
x-ms-lease-status
unlocked
last-modified
Thu, 01 Aug 2024 01:18:08 GMT
server
cloudflare
etag
0x8DCB1C7CD85EB83
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
4375bae1-301e-0028-667a-e94a14000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b3a20d1aca1bbb3-FRA
expires
Fri, 16 Aug 2024 15:13:22 GMT
otCommonStyles.css
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCommonStyles.css
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
HIT
content-md5
HyPJ72TNHxdfOI82cqKVqA==
age
5377
x-ms-lease-status
unlocked
last-modified
Thu, 01 Aug 2024 01:18:26 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
206a64ed-a01e-002a-487a-e9f4ac000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
8b3a20d1aca2bbb3-FRA
expires
Fri, 16 Aug 2024 15:13:22 GMT
attribution_trigger
px.ads.linkedin.com/
2 B
813 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
content-encoding
gzip
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: F4DA54003EC2437CAFE4FBFBA1BC8AD0 Ref B: FRAEDGE1318 Ref C: 2024-08-15T15:13:22Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-lva1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYfukiTV936YbKF0gbskQ==
x-fs-uuid
00061fba489357ddfa61b285d206ec91
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFW...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 96968A3BF8D247D89F60E78CC4BA001B Ref B: FRAEDGE1705 Ref C: 2024-08-15T15:13:22Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYfukibBIV8r87buUGxxA==

Redirect headers

date
Thu, 15 Aug 2024 15:13:21 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 1D76B5990649428AA07FF535826D4BF6 Ref B: FRAEDGE1116 Ref C: 2024-08-15T15:13:22Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1723734802188&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&e_ipv6=AQLDzhHuaWFZXAAAAZFWmb-HeTX8dUhVfdj3u0IT-vJ36f6XZrjLJfMkRvFWcgyramKjCAO6zwAIjrSMApBsRdmPlwnnQQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAYfukiT7JJ7ohVY93WX0w==
/
px.ads.linkedin.com/wa/
0
697 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 15 Aug 2024 15:13:21 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 1703CA0BC29848E78DE7078BC7930384 Ref B: FRAEDGE1116 Ref C: 2024-08-15T15:13:22Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://cymulate.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYfukiTVkikKASTsjUY1Q==
ping
okt.to/
0
100 B
Script
General
Full URL
https://okt.to/ping?uri=%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&aid=001t441s05ft70x&ts=1723734802238
Requested by
Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.20.195.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-195-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000;
content-type
text/javascript;charset=UTF-8
unifiedPixel
tr.outbrain.com/
53 B
321 B
Fetch
General
Full URL
https://tr.outbrain.com/unifiedPixel?au=true&bust=09925835668567107&referrer=&cht=ot&marketerId=00cac2de15d94f548d01b277003947c226&name=PAGE_VIEW&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&g=1&obApiVersion=1.0-gtm&obtpVersion=2.0.5
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
cache-control
no-cache
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-traceid
51823eaaaec6df3962a6d53145476b76
content-length
54
content-type
image/gif;
cachedClickId
tr.outbrain.com/
35 B
293 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00cac2de15d94f548d01b277003947c226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-traceid
dd0fc136f9a476fb5fbd84d8e44c49a0
content-length
39
content-type
application/javascript
00cac2de15d94f548d01b277003947c226
wave.outbrain.com/mtWavesBundler/handler/
2 B
448 B
Script
General
Full URL
https://wave.outbrain.com/mtWavesBundler/handler/00cac2de15d94f548d01b277003947c226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
Date
Thu, 15 Aug 2024 15:13:22 GMT
ob-sent-time
1723699800611
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-RG
EU
Cache-Control
max-age=60
X-CC
DE
Connection
keep-alive
x-traceid
8eac4bccf1ca4c87438c6782fa8291ac
Content-Length
2
Expires
Thu, 15 Aug 2024 15:14:22 GMT
topics
amplify.outbrain.com/
26 B
301 B
Fetch
General
Full URL
https://amplify.outbrain.com/topics
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 15 Aug 2024 15:13:22 GMT
Observe-Browsing-Topics
?1
Content-Type
text/html
Access-Control-Allow-Origin
*
X-RG
EU
Cache-Control
max-age=1200
X-CC
DE
Connection
keep-alive
Content-Length
26
Expires
Thu, 15 Aug 2024 15:33:22 GMT
ot_close.svg
cookie-cdn.cookiepro.com/logos/static/
651 B
580 B
Image
General
Full URL
https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
HIT
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
85060
x-ms-lease-status
unlocked
last-modified
Thu, 01 Aug 2024 01:18:25 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
2a99f935-f01e-0018-245d-e4f4db000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
8b3a20d21deb3626-FRA
expires
Fri, 16 Aug 2024 15:13:22 GMT
818712168779601
connect.facebook.net/signals/config/
27 KB
4 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/818712168779601?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C130%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C123%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b2ffa6b06bc8eddcfd878a9e6393e761091c6ba3552d16a199c60d189691ce30
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
36
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4658, tp=12, tpl=0, uplat=65, ullat=0
pragma
public
x-fb-debug
t3PWcnikudvBSuXmecDaler/B5sPkh8cMKEZmJAJ454o47Q+3UPIUi+ZeGBp6jPV4tGtkD10Y4/yBbuDb5wwtg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802286&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=2790, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802286&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
54
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603069630108", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=3323, tp=-1, tpl=-1, uplat=134, ullat=0
pragma
no-cache
x-fb-debug
/u3bgQdLUU6FwARegdNJZ7U2DbycBC4D5TwmUAkZQjNkgzJhwht31dJ4OXBlJOsYdmxc4xOiUo/IwcceHDvN4A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603069630108"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
927 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8c249a5c-1430-4b7e-ac17-d1d28e435e15
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8c249a5c-1430-4b7e-ac17-d1d28e435e15
last-modified
Thu, 15 Aug 2024 15:13:22 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-6srhk
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8b3a20d26d3e90e0-FRA
1273790856111869
connect.facebook.net/signals/config/
22 KB
3 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1273790856111869?v=2.9.164&r=stable&domain=cymulate.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C130%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C123%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144%2C124
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
96a8fbd1711dfe1c6bfae78d6b293be5cade37ee755920998a17313d9c8de184
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
40
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=10704, tp=19, tpl=0, uplat=68, ullat=0
pragma
public
x-fb-debug
NhzKprbPX6fagRFvW60BFfierV9GTk+q8ls/+3R7ZYoPf8yB+6NusxTWac5b6VLZ1duvqNeHugZpU9iwUe3yUg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
102 B
Image
General
Full URL
https://www.facebook.com/tr/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802365&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=3177, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
852 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802365&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&cs_est=true&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
69
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384602803921011", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=6330, tp=-1, tpl=-1, uplat=71, ullat=0
pragma
no-cache
x-fb-debug
4X1k8FIQKhHDdCZKbjMVE2BOsfZyyli+Pd4QJDSy6G6Da05+zlF+6mNiNFnDsiPwqBay/qKjxnb8f8WffKejpw==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384602803921011"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
19 B
Image
General
Full URL
https://www.facebook.com/tr/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802447&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4898, tp=16, tpl=0, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
195 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802447&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
38
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603568931200", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=24, mss=1232, tbw=5618, tp=23, tpl=0, uplat=37, ullat=0
pragma
no-cache
x-fb-debug
fDHtm4GP7ZCmVZBJDEiDsI8xSPvDt0KavhaZuVqG8RhJoW2zifWr72HHspR705YcrBkMDxEf/Z80rfFK/fTEOA==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603568931200"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=5218, tp=18, tpl=0, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
193 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Thu, 15 Aug 2024 15:13:22 GMT
document-policy
force-load-at-top
x-fb-server-load
29
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384603551508250", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=26, mss=1232, tbw=8402, tp=27, tpl=0, uplat=211, ullat=0
pragma
no-cache
x-fb-debug
5GfcI6KVZqEr7cIxxJRbN8rxbg0IgID2epnLMHvbQFo5xidEZPONe11lfyRhBqSNO7X0RFev1MzOv7iGkcBmrQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384603551508250"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=5378, tp=20, tpl=0, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
192 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734802448&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Requested by
Host: cymulate.com
URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x2bd7f739d90047cb","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["21:1605859652795144","21:1565555643480638","21:1828166850547590","7817:1605859652795144","7817:1565555643480638","7817:1828166850547590","573:1605859652795144","573:1565555643480638","573:1828166850547590","11478:1605859652795144","11478:1565555643480638","11478:1828166850547590","10853:1605859652795144","10853:1565555643480638","10853:1828166850547590","38:1605859652795144","38:1565555643480638","38:1828166850547590","8048:1605859652795144","8048:1565555643480638","8048:1828166850547590","603:1605859652795144","603:1565555643480638","603:1828166850547590"]},"debug_reporting":true,"debug_key":"1"}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 15 Aug 2024 15:13:23 GMT
x-fb-server-load
37
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384601644303389", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=27, mss=1232, tbw=9330, tp=29, tpl=0, uplat=1021, ullat=0
pragma
no-cache
x-fb-debug
eCrNUa9Oe52fWpAf3yedGNjuc5Ap3CFLwLSzOsYdml16DNiQk1kdLiQvBMveQrzoah4pJ9A7o0aoMrzL2Xrx7A==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384601644303389"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-6ZSMQQR9V4&gtm=45je48e0v887322098z878928481za200zb78928481&_p=1723734801786&gcs=G100&gcd=13p3pPp2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=621335572.1723734803&ecid=929221011&ul=de-de&are=1&frm=0&pscdl=denied&ec_mode=a&_geo=1&_rdi=1&_s=1&sid=1723734802&sct=1&seg=0&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&dt=Exploiting%20Pass-through%20Authentication%20Validation%20in%20Azure%20AD%C2%A0&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1489
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Aug 2024 15:13:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cymulate.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
landing
pagead2.googlesyndication.com/pagead/
42 B
64 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p2p5&tag_exp=0&rnd=1356737669.1723734803&url=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&dma_cps=-&dma=1&npa=1&gtm=45He48e0n815Q2VT3Cv78928481za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Aug 2024 15:13:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
a.clickcertain.com/px/cont/ Frame 6FBA
0
0
Document
General
Full URL
https://a.clickcertain.com/px/cont/?c=24335bac5f4f324&ccid=febeee48-248b-43ec-8272-82b7b77f76bf&cn=DE&rid=764a558d-63bb-473c-a743-13cea6fb6e75
Requested by
Host: a.remarketstats.com
URL: https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=blog/exploiting-pta-credential-validation-in-azure-ad
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8b3a20d9e88e9b7c-FRA
content-encoding
br
content-type
text/html
date
Thu, 15 Aug 2024 15:13:23 GMT
etag
W/"ZmViZWVlNDhnMjQ4Ymc0M2VjZzgyNzJnODJiN2I3N2Y3NmJmLXow"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0xcZaXpCjnRGtxba4h0TcsIYzHsR2xE%2FKyI1dYiwc26qe1T3jxqvGQVvstTunPDo1M%2FOpbJIHRox5v48Eta8OUBvrEIqXCfaho2v3yCtQdsrQpNPiN3GxTRgSGmQoPMm7snDr62k%2BGgmuNHsOonqw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frontend
cc-nginx-8674cc857-h4wwj:cc-nginx-8674cc857-h4wwj
x-requestid
e9b2ccef-699f-4bbf-beba-243cc3af0381
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1240600147&v=1.1&a=4347852&rcu=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&pu=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&t=Exploiting+Pass-through+Authentication+Validation+in+Azure+AD%C2%A0&cts=1723734803487&vi=ea27e567b0671fcf4afeafa6bbe7b9e9&nc=true&u=145613419.ea27e567b0671fcf4afeafa6bbe7b9e9.1723734803484.1723734803484.1723734803484.1&b=145613419.1.1723734803484&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d1ec21e5-1f90-46d7-a8b8-e6c0113f528d
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d1ec21e5-1f90-46d7-a8b8-e6c0113f528d
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIkoL3YdyG7nH0EzmB47ky4cvehOKs62iIr35LQGIxIMEFJp%2Fe6jRTcbMd8Q5vpjNr0tso9rdT1VjkWpaqvfrmnUSsCC%2BG5RNGWKWEDa%2B8ZApIoT8Its2cm2UvblO6UeQ12Nem%2BL%2FfATM42EHHm6"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-rtlfs
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8b3a20da085e5d39-FRA
x-robots-tag
none
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734803488&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=11026, tp=33, tpl=0, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Aug 2024 15:13:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
196 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&rl=&if=false&ts=1723734803488&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1723734802284.98137553911172808&ler=empty&cdl=API_unavailable&it=1723734802175&coo=false&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Thu, 15 Aug 2024 15:13:23 GMT
document-policy
force-load-at-top
x-fb-server-load
48
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403384606189072884", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=28, mss=1232, tbw=11266, tp=36, tpl=0, uplat=38, ullat=0
pragma
no-cache
x-fb-debug
Q0Lpg2BxHNYZdR/zqjZkBWMhPxeroGdeS6zEBDR+tJuSl+AdDZqpFCYbSKYRjPaLn845guXQWzGi/PHmKxMUIA==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403384606189072884"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
json
forms.hubspot.com/lead-flows-config/v1/config/
178 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=4347852&utk=ea27e567b0671fcf4afeafa6bbe7b9e9&__hstc=145613419.ea27e567b0671fcf4afeafa6bbe7b9e9.1723734803484.1723734803484.1723734803484.1&__hssc=145613419.1.1723734803484&currentUrl=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa2e3d82416c0d86daaf6fcb0d6c187ebc7cf2636859e8cdaef18c873cd9cb93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e59d9aa6-9347-4bd8-95a9-f0c59ff6ba56
content-encoding
br
x-envoy-upstream-service-time
21
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e59d9aa6-9347-4bd8-95a9-f0c59ff6ba56
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cymulate.com
x-evy-trace-virtual-host
all
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-vls5k
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20dllkpV3jCez7skk9BcnkAksgqM6GNG7laBZo7vIhp9FxuLYfwXLaRrf2TKioQ8LiKN2kPpOOwEltc%2FQwZGIAIqMAscIjvA6aaGJ911a%2FM8D0%2Fh9i4VQ3wfdGAuem3PYuD593BLxZ0e7L1flB3b"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8b3a20d9ec239a15-FRA
cymulate-logo-icon.png
cymulate.com/uploaded-files/2021/09/
412 B
618 B
Other
General
Full URL
https://cymulate.com/uploaded-files/2021/09/cymulate-logo-icon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:ddf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e13738f614b52e0d861b7cd9342face18efe7314aca70bc63db7fc8f0a68121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://cymulate.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 15:13:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
95543
cf-polished
origFmt=png, origSize=4239
content-disposition
inline; filename="cymulate-logo-icon.webp"
content-length
412
cf-bgj
imgq:100,h2pri
last-modified
Mon, 12 Jun 2023 08:35:36 GMT
server
cloudflare
etag
"6486d8d8-108f"
vary
Accept
content-type
image/webp
cache-control
public, max-age=7776000, no-transform
accept-ranges
bytes
cf-ray
8b3a20e05f7371b8-FRA
expires
Tue, 12 Nov 2024 12:20:48 GMT

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 string| mmGlobalJSTimestamp function| gtag object| dataLayer object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| rocket_lazyload_css_data object| cymulate_global object| codeBlockPro object| lazyLoadOptions function| LazyLoad object| _hsp function| jQuery object| otStubData object| google_tag_manager object| google_tag_data function| sliderCaptcha function| isInViewport function| setBodyHight number| window_width number| winWidth number| winHeight object| jparalax object| jtrigger object| jfixHeight object| jfixWidth function| doParalax function| doTrigger function| doFixHeight function| doFixWidth function| winScroll function| winResize function| top_btn_scroll function| autoHeightAnimate function| createHubSpotForm function| getParameterByName function| hrefScrollToElement function| offsetAnchor function| getCookie function| isElementInViewport function| GartnerPI_Widget function| codeBlockProInit object| images object| iframes object| rocket_lazy boolean| PIXELS_RAN object| enabledEventSettings object| _hsq object| jtarget boolean| _hspb_ran boolean| _hspb_loaded object| _paq function| sanitizeKey boolean| _hstc_loaded string| _linkedin_data_partner_id function| twq function| qp string| qpGtm function| obApi function| obTag string| OktopostTrackerObject function| _oktrk function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk object| globalRoot function| bindToWindowOnError object| leadflows function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| regeneratorRuntime object| twttr object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| Optanon object| OneTrust string| OnetrustActiveGroups string| OptanonActiveGroups object| Metadata object| qevents boolean| _already_called_lintrk object| ORIBILI function| onYouTubeIframeAPIReady function| apiObj object| gaGlobal boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| LEAD_FLOW_DOCUMENT_READY_RAN function| addEventListenerWPRocketBase

26 Cookies

Domain/Path Name / Value
.hsforms.net/ Name: __cf_bm
Value: ca9QLDf2gqEQgje6seg0VM1nye4BGur3B0Zzd6koXhk-1723734801-1.0.1.1-N3KNghsxuSB0JB6Vu9Rhi2AP4hPrb_nvmHwSeo4w8lUhju4NBinJiv3gqHvGuFwz76Qv71D2QwOCiY9jjK.iYQ
cymulate.com/ Name: blog_rsCount
Value: 1,expireDate=expires=Sat, 17 Aug 2024 15:13:22 GMT
.cymulate.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Aug+15+2024+17%3A13%3A22+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202407.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=15c0ae64-7bcf-4168-8961-42a974e0b7e3&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fcymulate.com%2Fblog%2Fexploiting-pta-credential-validation-in-azure-ad%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0
.cymulate.com/ Name: _fbp
Value: fb.1.1723734802284.98137553911172808
a.clickcertain.com/ Name: _ccpx_u
Value: febeee48%2d248b%2d43ec%2d8272%2d82b7b77f76bf
.twitter.com/ Name: personalization_id
Value: "v1_zP01NJG++1Fiqkq0CuzwYQ=="
.linkedin.com/ Name: bcookie
Value: "v=2&e8d797c9-1d78-4e96-81d4-0af7eedaf07b"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjM3MzQ4MDI7MjswMjFKrxAyXca8oCzxj8U/PyGc6ng04FoeC26nrJg7y8PJSQ==
.linkedin.com/ Name: lidc
Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2959:u=1:x=1:i=1723734802:t=1723821202:v=2:sig=AQHuFLGQW8JVK2X2Dy0tp3MsSMFvzSWJ"
.t.co/ Name: muc_ads
Value: b78f24f1-d34a-4969-8234-667961bfa408
a.clickcertain.com/ Name: _ccpx
Value: 24335bac5f4f324
a.clickcertain.com/ Name: _ccpx_24335bac5f4f324
Value: 1
.hsforms.com/ Name: __cf_bm
Value: 9ScBzDlCbIBy0j5sDwA1O3xiZfSr9Eb__DDTvck37M0-1723734802-1.0.1.1-VjZjnHvMEm7nI_DBGBajTfIxE21N6PbYicXmM2cxfziHFkhu8kWuyPFXph5BGTe38Wtad_G1LH5JahsF5oMkyA
.hsforms.com/ Name: _cfuvid
Value: Ib4kyLCDzNy60FasHarxqCYF6kgA8RyuArP4mlxswt4-1723734802481-0.0.1.1-604800000
.cymulate.com/ Name: __hstc
Value: 145613419.ea27e567b0671fcf4afeafa6bbe7b9e9.1723734803484.1723734803484.1723734803484.1
.cymulate.com/ Name: hubspotutk
Value: ea27e567b0671fcf4afeafa6bbe7b9e9
.cymulate.com/ Name: __hssrc
Value: 1
.cymulate.com/ Name: __hssc
Value: 145613419.1.1723734803484
.hubspot.com/ Name: __cf_bm
Value: 3hsbyjvDWFbX9qdZTv8oGPSf3gxlqRuPYTKJvEasidY-1723734803-1.0.1.1-J98bNR8RJH8g2j68Kckb5XsU1b_.xIbhV30j2kHAelZ7cIIIPhA6iQOHhMpGQWbOKoa9oGc0ayvuA69YTPHfaQ
.hubspot.com/ Name: _cfuvid
Value: MH46b8HOjswBwL.c3lg6AqThoyBl7nMPQtdHQNxz6iw-1723734803684-0.0.1.1-604800000
.tapad.com/ Name: TapAd_TS
Value: 1723734803763
.tapad.com/ Name: TapAd_DID
Value: e8c0373a-13c7-4fb2-b75e-3b89ef2dc7f4
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.bidr.io/ Name: bito
Value: AADN2U7NfDYAABXH2xqdcA
.bidr.io/ Name: bitoIsSecure
Value: ok
.a.usbrowserspeed.com/ Name: tuid
Value: 849e5ebe-86ca-4a21-b4dd-981de980229e

1 Console Messages

Source Level URL
Text
other warning URL: https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/(Line 492)
Message:
Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.clickcertain.com
a.quora.com
a.remarketstats.com
amplify.outbrain.com
analytics.twitter.com
api.hubapi.com
connect.facebook.net
cookie-cdn.cookiepro.com
cta-service-cms2.hubspot.com
cymulate.com
forms.hubspot.com
geolocation.onetrust.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
okt.to
pagead2.googlesyndication.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.google-analytics.com
snap.licdn.com
static.ads-twitter.com
static.oktopost.com
t.co
tr.outbrain.com
track.hubspot.com
wave.outbrain.com
www.facebook.com
www.googletagmanager.com
104.244.42.195
13.107.42.14
151.101.8.157
162.159.153.247
2001:4860:4802:34::36
23.35.237.86
2606:4700:10::ac43:ddf
2606:4700:20::681a:932
2606:4700:20::ac43:4549
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6811:80ac
2606:4700::6811:afc9
2606:4700::6812:17b7
2606:4700::6812:1d7f
2606:4700::6812:50cc
2606:4700::6812:8b11
2606:4700::6812:8d77
2606:4700::6812:cc0
2606:4700::6812:e3e
2606:4700::6812:f46c
2620:1ec:21::14
2a00:1450:4001:80e::2002
2a00:1450:4001:81d::2008
2a02:26f0:3500:10::210:a99
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
52.20.195.32
52.72.154.65
52.85.65.125
70.42.32.63
93.184.221.165
03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890
0425a8f82b801c86dc4a6718f77b6675fbde4032abfe3601e846f53f6419df8c
060d75de17d3e951c3ddbbd52f016c035789b8151676b1e2b3963f9c85623397
07f134f5be6766081057b1d18f253f6da67f1efcd2bbbe601273ead941489544
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
10dd819ad5850f580e622143a919a6f338b73f815e912a2062692c25f7c1f10b
19d2fd49a43025a4ba1f072aeb94e9f9f5ae3e2954fb4a64972d6f4527b3003a
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
22f7af7c1f0fda7b15222161020de20537ce540f08ba19284bb2e27def8e2f86
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2a58fb4ba57e791839c580c3ab186ee45d39e5558c62fa910a531e2225be9331
2dea6803bb490d3ced7f64b025151e27e9cb6fb79e72b6b7df5fe2ce93477dae
340c38400e5868a170944b5cf8a7a7e169c439c9fcf2f73a2468750c6a26e1d5
38483bf56e4a876f08814cd0643d4c7a2f5b9fb9bcd1e0152b764644ab22fa69
3e92096bd29fcb17b27edf69b590575685720d412144871ec907576a027561e9
41b4a5838294c17b4b8e8c380c13f4aa105e8ee20bfb78527afc8fda14216c49
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57294d13fa4aef7d107077478682297f6c2812cd13db25a11b6493b4bded78e9
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
639cd9a9b675392f0a38786644000084d9bdb5a8c8e374321351da4e58945b8c
64092de47640d7ebb501b0dceb1aaa02fedca06e65c668882e86a081eb86eeb9
64aff3262c56fa48ad38b8d9d4d674a6ee3759d1ce4cb52c66865e3fc2c16d2f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
76861f6d470210a2659de13bd9b3e39de48147be40e582c66087d7fca460e7b9
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
7a303026a1e158c61d96ba96010352c24957181ee22828ce2b54cdd60c813529
7a3e40f5aae1d91a54d5485ad9d6d0647261d98a9e7b3bdcc3ac4470de6ffba7
7a80fb50f58320df02bb209faa75baed165759153874be28cdc35e87cfd470fc
7ac2e76a6c07b4ed8bef78f303d08167cec1561a99e1c8f5f1c247294ba9b5ad
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7ceb950911d2b12a1cd67b2221b6dd703bb9743e8d960f7eb751c763bb1103a4
7cfc1c4a8a1538804c897ce2127c9f876929b9521bd1b01b9616d100c166ab76
7e13738f614b52e0d861b7cd9342face18efe7314aca70bc63db7fc8f0a68121
86236fd9addfae28b79d07cd2abfbb3410e1708a29c71717068cf8ecd230f6d5
892bd60ea96f88ef10e5fc372d6d34fe4f9de4460660e0596b8358e91875873f
8d4e233e8560d0403b932a14bbd2f0fcf7b1ab1c2be71842e14341cd92921c9e
8e1b1a37caa8b7627123aeb0e23ad3a2ac14d4ad48be7aabb2ca7ca9da218ef5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
908f709b6824f7973fefc1778ab7ee4d664cbbb9c124ab75785ea03019c4c7b4
94561d4d205db4224fdb2c247542009d40537aaf869dc8fda63912916f4e6543
96a8fbd1711dfe1c6bfae78d6b293be5cade37ee755920998a17313d9c8de184
984b17f585481fdbb2424e13bbb78e346023740f08f06958a428fbba1dbc0ac5
9d6233deb90857bf8dd9cb36caa92c44f0f7084ab00782746e7913b382fa21b1
a5d56faa79ac6b2f06f6f63e4c93f3537aec12d5b23e9afa18ca8c7716641132
a82bb710867f55be7db0b626115e5b2077e637aa61d636057fedfeb52def9056
a9fded7e9c8304198cc3799357a93505196f2427686312588df98626f21a201c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af0aaeda573b7b3566b9ec8ecace3246309814d39fea16d7667f5c4ee96bcc8e
b0499eb6bef276af5e98726f6476ad2a09fa0a792e430be776811890b0a9e4b1
b2ffa6b06bc8eddcfd878a9e6393e761091c6ba3552d16a199c60d189691ce30
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b64bd8647b659618f2c3588c8ebcc585df43797bc6e0dbc3070b2e682809f62b
bb60550070f9a5ce5d91b9cb0d34ee6777a3dcb25de950cb185d1c2b624b2590
bc61255a9862df6aabf82c0fdc17ad5eed0e763ed6b92b95cfb1e8d679ea4e8c
bceff0710e3a7fe5b3622265c48b6fbc055cf071df80ef5f36ffc69550296664
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
c041cf82f0fc11784e05ff44e069061dc0eeb2d53bb286fbe9f900975fe95a6e
c16903de05444718bddc810c3db525b6292baf5fd3788bf0ef4f5384d52934a7
c24de5695a67f26e8e1a2770f7a62f82d1aae59a68c498412bf7986beeb7d84b
c75f371cc2e9a10b24fe0f56d192a9bb84e36354506f478a26d92d730b3dda66
c99760d7ed551cd0175afcc97ecb090823e535b0d91f19443993e15c9feb5116
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd1fd2875192579d70e969183c30fa0c470be73a0fbf01f356599c097878b27d
ceffda0001c0a6edf0cae48244e72c46d66bb5a75618d4ed5c03d0d24cd106eb
d2223ff06c80eafecd7007744ffd5e885c876bbb3b7a1fdd6f6072fd8c85f4e8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab
e051bcd1aa1760cd154bda6aeb6dc3b4c34633cfdbfa5418ae2243cdecb87599
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4032f7f315f7c69204e0f8c20889cb0e035d9e6d3d45af72e2f2e01091b3e36
e461fa71ab99d660c0f0310212a00c827711c2f031ab5b44d37932c8d4b63d64
e4a868e1d129025f9907e1738c10688b5aa86c7911b34ecfab4f21e70f1e1b3d
e554db189b5d944ef0e6f98ee0e4e8c75f69e95315dc9f4ae0c616a8756a2ba4
e9250c36f23dfaecaf750e3bc3c57c589032f5a32d5d7429b43429a2e3f53549
e9bb517bf2cef096550eda67cb2a9d5aed019108b177f84c4b010670b06106c6
ea14b302d2386504b249b182fac6bdeff4b77b71921945c4cf70e73550ab503d
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f6b9ece1299ec1617b7cdb30ce252ec01cbbe54c4e6867ce7ad8678afad6c0ae
f790dbbcf9f8ae42200fc5ebcbe945aae0a49709ab702f01b80439cb577d7860
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fa2e3d82416c0d86daaf6fcb0d6c187ebc7cf2636859e8cdaef18c873cd9cb93