www.mandiant.com Open in urlscan Pro
2606:4700:300b::a29f:f07d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mandiant.com/resources/log4shell-recommendations
Submission: On January 11 via api (January 11th 2022, 5:37:51 am UTC) from CA — Scanned from CA

Summary HTTP 101 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 36 IPs in 2 countries across 34 domains to perform 101 HTTP transactions. The main IP is 2606:4700:300b::a29f:f07d, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.mandiant.com. The Cisco Umbrella rank of the primary domain is 476579.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 4th 2021. Valid for: a year.

This is the only time www.mandiant.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	2606:4700:300... 2606:4700:300b::a29f:f07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:300... 2606:4700:300b::a29f:f67d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	2607:f8b0:400... 2607:f8b0:4006:824::2004	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.226.228.89 13.226.228.89	16509 (AMAZON-02) (AMAZON-02)
6	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4006:807::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.248.157 151.101.248.157	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13::17d7:82d0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	184.87.87.25 184.87.87.25	16625 (AKAMAI-AS) (AKAMAI-AS)
8	23.5.233.176 23.5.233.176	16625 (AKAMAI-AS) (AKAMAI-AS)
2	13.226.222.148 13.226.222.148	16509 (AMAZON-02) (AMAZON-02)
1	13.226.210.81 13.226.210.81	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1 2	104.18.98.194 104.18.98.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	68.67.161.207 68.67.161.207	29990 (ASN-APPNEX) (ASN-APPNEX)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
2	34.200.179.101 34.200.179.101	14618 (AMAZON-AES) (AMAZON-AES)
4	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	40.91.78.9 40.91.78.9	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	13.226.228.88 13.226.228.88	16509 (AMAZON-02) (AMAZON-02)
2 2	34.232.192.29 34.232.192.29	14618 (AMAZON-AES) (AMAZON-AES)
2 4	52.85.193.76 52.85.193.76	16509 (AMAZON-02) (AMAZON-02)
2 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
2 6	142.250.65.198 142.250.65.198	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:823::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4023:1404::9b	15169 (GOOGLE) (GOOGLE)
1	54.213.89.109 54.213.89.109	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	162.247.242.32 162.247.242.32	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
101	36

19 2606:4700:300b::a29f:f07d (United States)

ASN13335 (CLOUDFLARENET, US)

www.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:300b::a29f:f67d (United States)

ASN13335 (CLOUDFLARENET, US)

www.fireeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:824::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.228.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-228-89.lax50.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:807::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.248.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82d0 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.87.87.25 (Newark, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-87-25.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.5.233.176 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-5-233-176.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.222.148 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-222-148.lax50.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.210.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-210-81.lax50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States) 1 redirects

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.98.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.161.207 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 802.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

177-vpk-082.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.179.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-179-101.compute-1.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.91.78.9 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.228.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-228-88.lax50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.232.192.29 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-192-29.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.85.193.76 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-193-76.lax50.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.65.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net

11449174.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
11363283.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:823::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4023:1404::9b (Columbus, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.213.89.109 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-213-89-109.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.32 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: service.newrelic.co.nz

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	mandiant.com www.mandiant.com — Cisco Umbrella Rank: 476579	532 KB
11	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 8 adservice.google.com — Cisco Umbrella Rank: 69	45 KB
9	gstatic.com www.gstatic.com	788 KB
8	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 11449174.fls.doubleclick.net 11363283.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	2 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 7675 c.6sc.co — Cisco Umbrella Rank: 11173 b.6sc.co — Cisco Umbrella Rank: 5979	14 KB
6	clarity.ms 1 redirects i.clarity.ms — Cisco Umbrella Rank: 9085 c.clarity.ms — Cisco Umbrella Rank: 998	24 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	257 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
5	company-target.com 2 redirects api.company-target.com — Cisco Umbrella Rank: 3015 segments.company-target.com — Cisco Umbrella Rank: 1072	3 KB
5	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 433 www.linkedin.com — Cisco Umbrella Rank: 624 px4.ads.linkedin.com — Cisco Umbrella Rank: 5443	4 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 332 c.bing.com — Cisco Umbrella Rank: 239	12 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	133 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 656	453 B
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 450	1019 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 12192	432 B
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 514	539 B
2	segment.com cdn.segment.com — Cisco Umbrella Rank: 1486	25 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2764	6 KB
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3837	26 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 590	322 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 320	13 KB
1	google.ca www.google.ca — Cisco Umbrella Rank: 8216	501 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 991	143 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	407 B
1	mktoresp.com 177-vpk-082.mktoresp.com	311 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 351	692 B
1	t.co t.co — Cisco Umbrella Rank: 457	469 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 465	674 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 4556	16 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 828	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 559	6 KB
1	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 2781	363 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 202	5 KB
1	fireeye.com www.fireeye.com — Cisco Umbrella Rank: 190838	1019 B
101	34

	Domain	Requested by
19	www.mandiant.com	www.mandiant.com
9	www.gstatic.com	www.google.com
9	www.google.com	1 redirects www.mandiant.com www.gstatic.com
6	b.6sc.co	www.mandiant.com
6	www.googletagmanager.com	www.mandiant.com www.googletagmanager.com
5	www.google-analytics.com	www.googletagmanager.com www.mandiant.com
4	segments.company-target.com	2 redirects www.mandiant.com
4	i.clarity.ms	bat.bing.com i.clarity.ms
3	11363283.fls.doubleclick.net	1 redirects www.googletagmanager.com www.mandiant.com
3	11449174.fls.doubleclick.net	1 redirects www.googletagmanager.com www.mandiant.com
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.mandiant.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	adservice.google.com	11449174.fls.doubleclick.net 11363283.fls.doubleclick.net
2	id.rlcdn.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	c.clarity.ms	1 redirects www.mandiant.com
2	epsilon.6sense.com	j.6sc.co
2	p.adsymptotic.com	1 redirects www.mandiant.com
2	cdn.segment.com	www.mandiant.com cdn.segment.com
2	munchkin.marketo.net	www.mandiant.com munchkin.marketo.net
2	static.addtoany.com	www.mandiant.com static.addtoany.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.mandiant.com
1	www.google.ca	www.mandiant.com
1	api.segment.io	cdn.segment.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	googleads.g.doubleclick.net	www.mandiant.com
1	api.company-target.com	tag.demandbase.com
1	www.facebook.com	www.mandiant.com
1	c.bing.com	1 redirects
1	177-vpk-082.mktoresp.com	munchkin.marketo.net
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	px4.ads.linkedin.com	1 redirects
1	www.linkedin.com	1 redirects
1	t.co	www.mandiant.com
1	analytics.twitter.com	static.ads-twitter.com
1	tag.demandbase.com	www.mandiant.com
1	j.6sc.co	www.mandiant.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	consent.trustarc.com	www.mandiant.com
1	cdnjs.cloudflare.com	www.mandiant.com
1	www.fireeye.com	www.mandiant.com
101	45

This site contains links to these domains. Also see Links.

Domain
investors.mandiant.com
login.mandiant.com
careers.smartrecruiters.com
cve.mitre.org
logging.apache.org
www.cisa.gov
www.microsoft.com
www.cvedetails.com
github.com
gist.github.com
www.splunk.com
access.redhat.com
docs.aws.amazon.com
community.fireeye.com
partners.fireeye.com
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
mandiant.com Cloudflare Inc ECC CA-3	`2021-11-04` - `2022-11-03`	a year	crt.sh
fireeye.com Cloudflare Inc ECC CA-3	`2021-12-07` - `2022-12-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-20` - `2022-01-18`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.segment.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-19` - `2022-08-09`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.6sense.com Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 8 frames:

Primary Page: https://www.mandiant.com/resources/log4shell-recommendations
Frame ID: 0447DC4C04E1A8E8B65A321A22462198
Requests: 81 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 491DCDEA4BFB176FA1D8E61AB325F936
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=dstshkg7ppkf
Frame ID: D2EC84BF2D6A6CCF685FBEF91603BB51
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=xbsjkd22v2o0
Frame ID: 36F8DAC97D8D414E6E627F043240C109
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq
Frame ID: B5D6363B2CF9FC405BF53C1FE56AED59
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq
Frame ID: B5852826BA32F60384745A76AC8A7FBE
Requests: 3 HTTP requests in this frame

Frame: https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations
Frame ID: A2EA35AD0F7A433F167834500E00BDFA
Requests: 2 HTTP requests in this frame

Frame: https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations
Frame ID: FBFD91ED56207B42BB097588DAE0D3C6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log4Shell Initial Exploitation and Mitigation Recommendations | Mandiant

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+recaptcha
<div[^>]+class="g-recaptcha"
/recaptcha/api\.js

Page Statistics

101
Requests

95 %
HTTPS

43 %
IPv6

34
Domains

45
Subdomains

36
IPs

2
Countries

1933 kB
Transfer

4863 kB
Size

44
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://investors.mandiant.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://login.mandiant.com/
Title: .userlayer-1{fill:none;stroke-miterlimit:10;stroke-width:15px}

Search URL Search Domain Scan URL

URL: https://careers.smartrecruiters.com/mandiant/all/
Title: Careers

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832
Title: CVE-2021-44832

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.12.3/
Title: 2.12.3

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.3.1/
Title: 2.3.1

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
Title: CVE-2021-45105

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0
Title: 2.17.0

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/emergency-directive-22-02
Title: Emergency Directive 22-02

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Title: threat actors based in other countries

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/2.x/
Title: Log4j 2

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
Title: CVE-2021-45046

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0
Title: 2.16.0

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.3.2/
Title: 2.3.2

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.12.4/
Title: 2.12.4

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.17.1
Title: 2.17.1

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
Title: CVE-2021-4104

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/1.2/
Title: end of life

Search URL Search Domain Scan URL

URL: https://www.cvedetails.com/cve/CVE-2019-17571/
Title: high severity security vulnerabilities

Search URL Search Domain Scan URL

URL: https://github.com/projectdiscovery/nuclei
Title: Nuclei

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/log4j-finder
Title: log4j-finder

Search URL Search Domain Scan URL

URL: https://github.com/fullhunt/log4j-scan
Title: log4j-scan

Search URL Search Domain Scan URL

URL: https://github.com/anchore/syft
Title: syft

Search URL Search Domain Scan URL

URL: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
Title: matching patterns of potential exploitation attempts

Search URL Search Domain Scan URL

URL: https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html
Title: correlating any observed instances

Search URL Search Domain Scan URL

URL: https://github.com/cisagov/log4j-affected-db
Title: GitHub

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/2.x/security.html
Title: reported

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/2.x/changes-report.html#a2.15.0
Title: 2.15.0

Search URL Search Domain Scan URL

URL: https://logging.apache.org/log4j/log4j-2.12.2/
Title: 2.12.2

Search URL Search Domain Scan URL

URL: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
Title: RedHat

Search URL Search Domain Scan URL

URL: https://gist.github.com/fox-srt/6b3735cf0f0855fcaf7a74f146025c5a#file-log4shell-exploitation-attempts-rules
Title: signatures

Search URL Search Domain Scan URL

URL: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
Title: evolving evasion tactics

Search URL Search Domain Scan URL

URL: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
Title: example environment variables that can be configured for Amazon Web Services

Search URL Search Domain Scan URL

URL: https://community.fireeye.com/
Title: Community

Search URL Search Domain Scan URL

URL: https://partners.fireeye.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Mandiant

Search URL Search Domain Scan URL

URL: https://twitter.com/Mandiant

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCexu0DP7VKdDByusuTA53FQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mandiant/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3460746%26time%3D1641879465987%26url%3Dhttps%253A%252F%252Fwww.mandiant.com%252Fresources%252Flog4shell-recommendations%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true&liSync=true&e_ipv6=AQIzjRV7kSQTJQAAAX5HpHEj24itt9dQtOmYVTKT6oEwv8kh9FYBFGbI0tmWooRFG7YfVymO HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f&_expected_cookie=3fe0915da40666b036e4c961e5108806

Request Chain 56

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&RedC=c.clarity.ms&MXFR=16CF0D3852BA626F0A0F1C1156BA6C40 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&MUID=2FED9C3824346EB00E8A8D11251E6FE4

Request Chain 63

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g&verifyHash=c60148af62eb2e4af4c707e8c63f432adc336fc

Request Chain 64

https://id.rlcdn.com/464526.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCKqv9I4GEgUI6AcQAEIASgA HTTP 307
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA HTTP 303
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA&verifyHash=98cef2ad6b023904e8d208ca3452fa78a90f8c9b

Request Chain 71

https://www.google.com/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=800335896.1641879467 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=800335896.1641879467

Request Chain 72

https://11449174.fls.doubleclick.net/activityi;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations HTTP 302
https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations

Request Chain 73

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations HTTP 302
https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations

101 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request log4shell-recommendations Show response
www.mandiant.com/resources/ 94 KB
25 KB 215ms
155ms Document
text/html 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda14193dcd1162bdf3863a8b94e3f25eea0bf7773c66abb990fa3569521b9de

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-type: text/html; charset=UTF-8
content-length: 24610
cache-control: max-age=2764800, public
link: <https://www.mandiant.com/resources/log4shell-recommendations>; rel="canonical" <https://www.mandiant.com/resources/log4shell-recommendations>; rel="alternate"; hreflang="en" <https://www.mandiant.jp/resources/log4shell-recommendations>; rel="alternate"; hreflang="ja" <https://www.mandiant.com/resources/log4shell-recommendations>; rel="revision"
x-ua-compatible: IE=edge
content-language: en
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 11 Jan 2022 04:41:33 GMT
etag: "1641876093"
vary: Cookie,Accept-Encoding
content-security-policy: report-uri /report-csp-violation
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin
expect-ct: max-age=86400
content-encoding: gzip
x-request-id: v-c0e5a5ce-7298-11ec-825c-e3230600a5ea
x-ah-environment: prod
age: 3370
via: varnish
x-cache: HIT
x-cache-hits: 13
accept-ranges: bytes
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6cbbcb7e293254c7-YYZ

GET
H2 200 google_tag.script.js Show response
www.mandiant.com/sites/default/files/google_tag/google_tag_manager/ 348 B
549 B 30ms
29ms Script
application/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/google_tag/google_tag_manager/google_tag.script.js?r59ae7

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b7eb2b28fbf8ad29058540ee28e8b49701e0e47351ff25d3b688fcef9b2a88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 461020
x-cache: HIT
x-cache-hits: 20
x-ah-environment: prod
content-length: 280
x-request-id: v-d148e21a-6e6e-11ec-90ad-93a219086961
last-modified: Wed, 05 Jan 2022 21:30:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f4a6b54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 css_G5YARZu17GSUDC0nIIv0-f_93oapmxyzwNErH_f7i6E.css
www.mandiant.com/sites/default/files/css/ 9 KB
3 KB 40ms
39ms Stylesheet
text/css 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_G5YARZu17GSUDC0nIIv0-f_93oapmxyzwNErH_f7i6E.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b9600459bb5ec64940c2d27208bf4f9fffdde86a99b1cb3c0d12b1ff7fb8ba1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 984344
x-cache: HIT
x-cache-hits: 23
x-ah-environment: prod
content-length: 2495
x-request-id: v-49491452-5e2e-11ec-8ab9-bf731856c266
last-modified: Wed, 08 Dec 2021 22:07:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a6e54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 clientlibs_recaptcha.min.css
www.fireeye.com/etc/designs/fireeye-www/ 649 B
1019 B 439ms
388ms Stylesheet
text/css 2606:4700:300b::a29f:f67d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_recaptcha.min.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f67d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee33831b0f69f4fd2300024df8f2488a4a7a4093cfcc5e28062e128308478f9

Security Headers

Name	Value
Content-Security-Policy	worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://content.fireeye.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-dispatcher: dispatcher2uswest1
date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-vhost: publish
vary: Accept-Encoding,User-Agent
content-length: 373
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jan 2022 18:45:11 GMT
server: cloudflare
x-frame-options: ALLOW-FROM https://content.fireeye.com
etag: "289-5d50262fdbbc0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: public, max-age=14400
content-security-policy: worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
accept-ranges: bytes
cf-ray: 6cbbcb7f9b5553e3-YYZ
expires: Tue, 11 Jan 2022 09:37:45 GMT

GET
H2 200 css_3X6AxfM5DxgQzmwm-Sb7icFieRYVVJx6f5ZNTFES4NA.css
www.mandiant.com/sites/default/files/css/ 1 KB
413 B 30ms
30ms Stylesheet
text/css 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_3X6AxfM5DxgQzmwm-Sb7icFieRYVVJx6f5ZNTFES4NA.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd7e80c5f3390f1810ce6c26f926fb89c162791615549c7a7f964d4c5112e0d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 329033
x-cache: HIT
x-cache-hits: 6
x-ah-environment: prod
content-length: 280
x-request-id: v-d3eea3ea-6e70-11ec-bc22-43a65835c01a
last-modified: Wed, 22 Dec 2021 22:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a6f54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ 23 KB
5 KB 75ms
30ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10749557
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4364
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-5cbb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n4lQ2mrYqVlImx9PaUPYs3wgLbaVzdwApPL%2FUpOMzipGRQucLaFTivBxz8FpRuK%2FSGM8GzfngFBVD6JOok5KrRZdCjfxwc1NLLTkVSfnLA5QtVMNf8kRh2DWG6sOzS1dxbOPBdG9Qz2l%2BuJj339EgUCc"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cbbcb7f8ecf7144-YUL
expires: Sun, 01 Jan 2023 05:37:44 GMT

GET
H2 200 css_JuaZYhYzTuce8L3JZ6j0GyZOs2h_5fEgIt5Rk2gSDFk.css
www.mandiant.com/sites/default/files/css/ 143 KB
21 KB 37ms
36ms Stylesheet
text/css 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_JuaZYhYzTuce8L3JZ6j0GyZOs2h_5fEgIt5Rk2gSDFk.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26e6996216334ee71ef0bdc967a8f41b264eb3687fe5f12022de519368120c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985159
x-cache: HIT
x-cache-hits: 11
x-ah-environment: prod
content-length: 21680
x-request-id: v-c9b0ffec-5d89-11ec-9c57-cbcc09783be2
last-modified: Wed, 08 Dec 2021 22:07:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a7054c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
www.mandiant.com/sites/default/files/css/ 208 KB
26 KB 42ms
42ms Stylesheet
text/css 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5e52204236286b67a8515feef15af47eb8f762bb73779f40d01deeb8ecb50b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 461020
x-cache: HIT
x-cache-hits: 20
x-ah-environment: prod
content-length: 26156
x-request-id: v-d1506f76-6e6e-11ec-9079-37ca9574873f
last-modified: Wed, 05 Jan 2022 21:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a7254c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 js_OBliw_L7ClI2lQt0hiZ8tqDu-aD-b_roJ-E1kSnqqgw.js Show response
www.mandiant.com/sites/default/files/js/ 101 KB
34 KB 53ms
53ms Script
text/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/js/js_OBliw_L7ClI2lQt0hiZ8tqDu-aD-b_roJ-E1kSnqqgw.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

381962c3f2fb0a5236950b7486267cb6a0eef9a0fe6ffae827e1359129eaaa0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 984344
x-cache: HIT
x-cache-hits: 31
x-ah-environment: prod
content-length: 34989
x-request-id: v-bccbd842-6473-11ec-9146-5392712dcb40
last-modified: Wed, 22 Dec 2021 22:36:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a7d54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 910 B
994 B 108ms
61ms Script
text/javascript 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9ca4ce05a9eeb9d9183e71055a57e6759763581b4a9b0e0b801f3cb4114bbb77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 581
x-xss-protection: 1; mode=block
expires: Tue, 11 Jan 2022 05:37:44 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 84ms
31ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 67296
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6cbbcb80caaf7157-YUL
cf-bgj: minify

GET
H2 200 js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js Show response
www.mandiant.com/sites/default/files/js/ 174 KB
55 KB 36ms
36ms Script
text/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9ab3e7109f42ef98afbad438ec60278ecafc571622d8b190a35c733dbcc0f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985158
x-cache: HIT
x-cache-hits: 21
x-ah-environment: prod
content-length: 56326
x-request-id: v-3d72a26e-642e-11ec-8450-537774e6682e
last-modified: Wed, 22 Dec 2021 22:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb7f5a7f54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:44 GMT

GET
H2 200 eb5srz Show response
consent.trustarc.com/v2/notice/ 90 B
363 B 435ms
256ms Script
text/javascript 13.226.228.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.trustarc.com/v2/notice/eb5srz
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.228.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-228-89.lax50.r.cloudfront.net
Software: openresty/1.15.8.2 /
Resource Hash: 83b34f175a9850d098edfacb50c3bb97a22975fa0d18570d11fc076676a87781

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: 1.1 5b376d8d1148dc51c7bf7c79d8c4c91a.cloudfront.net (CloudFront)
server: openresty/1.15.8.2
x-amz-cf-pop: LAX50-C3
vary: Origin
x-cache: Miss from cloudfront
content-type: text/javascript;charset=ISO-8859-1
content-length: 90
x-amz-cf-id: pIEagnJmz9guBPI2JbrBHmozD-swU8rCbRxSKXHDvsuUvcGvfIMD0w==

GET
H2 200 fontloader.built.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 7 KB
2 KB 34ms
33ms Script
application/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/fontloader.built.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88cb9efe9226cab0669f7f6cdf082ec49a48a58f6411b69864b6f952928b979a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985158
x-cache: HIT
x-cache-hits: 6
x-ah-environment: prod
content-length: 2315
x-request-id: v-11b1f5c2-693c-11ec-87ca-8bf24e33784f
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb821e3154c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 arrow-red.svg
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/ 234 B
308 B 36ms
35ms Image
image/svg+xml 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/arrow-red.svg

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eab324aea216ff6432155a5cdbd59b7c1429f7d27be852f9dd037c7ade0377c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985158
x-cache: HIT
x-cache-hits: 12
x-ah-environment: prod
content-encoding: gzip
x-request-id: v-2244b5c4-5dc9-11ec-b056-1bc346601bc1
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=1209600
cf-ray: 6cbbcb822e4554c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 gray-circle.png
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/backgrounds/ 9 KB
9 KB 42ms
42ms Image
image/png 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/backgrounds/gray-circle.png

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfbbb6a8bb9482b6bddbba133d70d9ac28fea886ede20ecdaf3110d5c70dba6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 312726
x-cache: HIT
x-cache-hits: 6
x-ah-environment: prod
content-length: 8943
x-request-id: v-d46fd474-6e70-11ec-8a9c-dbcf7d1f5519
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb822e4854c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 Barlow-Bold.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 56 KB
56 KB 30ms
30ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Bold.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ec192b1be13b5eb7d11e7c8a0f1466ef236e4ba88182bb4cec76a2c7919464e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 39
x-ah-environment: prod
content-length: 57572
x-request-id: v-ecbe27a8-5d52-11ec-9592-0b5ed00586a7
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb823e5f54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 974.bundle.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 7 KB
2 KB 53ms
52ms Script
application/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/974.bundle.js?36372e

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ed649e749e9698e805596809e2ede372229183ddb6b38fc96f696cff02f085

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985157
x-cache: HIT
x-cache-hits: 7
x-ah-environment: prod
content-length: 2308
x-request-id: v-82910a8e-69a6-11ec-ae97-b7ea3af043c8
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb82cf2a54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 404.bundle.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 406 B
393 B 59ms
59ms Script
application/javascript 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/404.bundle.js?2c5f80

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2cb383a30bee467e40ecebb49e4229b1b57efcc2c7632c921cd170a75c74d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 145773
x-cache: HIT
x-cache-hits: 3
x-ah-environment: prod
content-length: 263
x-request-id: v-1de7d5dc-6496-11ec-a42b-af828c89ba99
last-modified: Sun, 12 Dec 2021 23:55:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb82cf2f54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 331 KB
89 KB 126ms
69ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/google_tag/google_tag_manager/google_tag.script.js?r59ae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e3c5c4635ca84d4977c4a596f7956fc27794cfbd323b89b19ce92ae98bf90cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90516
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jan 2022 05:37:45 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ 351 KB
139 KB 67ms
20ms Script
text/javascript 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mandiant.com/
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 00:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:33:21 GMT

GET
H2 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 491D 741 B
554 B 29ms
28ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
etag: W/"2e5-5cc9e128a4c38"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
via: e2s
cf-cache-status: HIT
age: 2258914
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6cbbcb82fcea7157-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 Barlow-Regular.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 55 KB
55 KB 33ms
33ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Regular.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f269cafacd48c650b7c76973b7192a4593125d9b957bfa3b57a89e835ec0df1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 34
x-ah-environment: prod
content-length: 56020
x-request-id: v-4a47b49e-5d43-11ec-86ca-bf0ad197c77c
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb830f7054c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 PTMono-Regular.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/mono/ 71 KB
71 KB 85ms
85ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/mono/PTMono-Regular.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfaed587b938cc953c5008f257ed1e661e9d2e2f907bd5b520fc4b9348985a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 70
x-ah-environment: prod
content-length: 72380
x-request-id: v-42ce6238-644d-11ec-964a-3b0a7097d3b4
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb830f7154c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 Barlow-Medium.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 55 KB
55 KB 31ms
31ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Medium.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe3bfdac05de97234a1a81c7f09c87f14708cf7bd9a341a63e68613c3c6e40d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 9
x-ah-environment: prod
content-length: 55968
x-request-id: v-92c1724a-686b-11ec-85cb-d7356695a104
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb83c84a54c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 Barlow-SemiBold.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 56 KB
57 KB 43ms
43ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-SemiBold.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bb508d41bf1d0c5d56340c7df789b6589350a5f967e1fa937bee5c148d0cb0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 20
x-ah-environment: prod
content-length: 57764
x-request-id: v-4be6ebe4-5d43-11ec-9a0c-6f4f68d68ea9
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb83d85554c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H2 200 Barlow-MediumItalic.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 59 KB
59 KB 47ms
47ms Font
text/plain 2606:4700:300b::a29f:f07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-MediumItalic.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:300b::a29f:f07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34e89fde702aa592d82afbb8d98034150cb3a2e6bd67a922af1edd106cf87fe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_1eUiBCNihrZ6hRX-7xWvR-uPdiu3N3n0DQHe647LULU.css
Origin: https://www.mandiant.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985136
x-cache: HIT
x-cache-hits: 19
x-ah-environment: prod
content-length: 60612
x-request-id: v-b6c5e030-5d63-11ec-be63-7be6a0514643
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6cbbcb83d85654c7-YYZ
expires: Tue, 25 Jan 2022 05:37:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 165 KB
61 KB 136ms
82ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6642ZTDJ7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

270749f3569f14299a5e7bd98be7e83b6541f90cd8a5d5f1d0dd297fac67db8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62347
x-xss-protection: 0
expires: Tue, 11 Jan 2022 05:37:45 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 212ms
65ms Script
application/javascript 151.101.248.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.248.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 23:12:14 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000020-IAD, cache-bwi5027-BWI

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 240ms
55ms Script
application/x-javascript 2600:141b:13::17d7:82d0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82d0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 303
Date: Tue, 11 Jan 2022 05:37:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
X-EdgeConnect-MidMile-RTT: 1
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=73344
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 191ms
62ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: sQOmvB0P46MBE/0Ky4qelPbt5gTQtYuEgGDSQr8rHD+yNe2Za7ZEdqrqjgXPBsiqnyMf3hvUNgBf5eyaf7SUeQ==
x-fb-trip-id: 1512268381
x-frame-options: DENY
date: Tue, 11 Jan 2022 05:37:45 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 36 KB
11 KB 212ms
77ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
last-modified: Fri, 03 Dec 2021 01:53:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D9D414DA4894AE19FB002E16757003A Ref B: YTO01EDGE0815 Ref C: 2022-01-11T05:37:45Z
etag: "0cb09ee8e7d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10468

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 150ms
107ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10870294

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42231b10e994f29f80a27750dd181be671ebf616ce123bc1df008d924696d9e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36157
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jan 2022 05:37:45 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 213ms
60ms Script
application/x-javascript 184.87.87.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.87.87.25 Newark, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-87-25.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 247ms
47ms Script
application/javascript 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Tue, 11 Jan 2022 05:37:45 GMT

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/ 89 KB
24 KB 571ms
258ms Script
text/javascript 13.226.222.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/analytics.min.js
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.222.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-222-148.lax50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7d5375c5c42c888e2166d20b83b4e50a5324c03572ff52d27e6e8da11988822

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: _rgfM5NAwYGxFXAysxV4lsL7V7DMFyhD
content-encoding: br
etag: W/"41eaf99027b7b29e63db884bc61a53e8"
x-amz-cf-pop: LAX50-C1
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-origin: *
last-modified: Fri, 19 Nov 2021 03:01:59 GMT
server: AmazonS3
date: Tue, 11 Jan 2022 05:37:47 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 8d9b5e8482bf535887ab85bd4a6a4830.cloudfront.net (CloudFront)
cache-control: public, max-age=120
x-amz-cf-id: 9ce1Fqq3VaTo7eZjlou9eePaQdo4KACFYRRA47YSsF0xL8TMJKjcVQ==

GET
H2 200 41dad6d0.min.js Show response
tag.demandbase.com/ 58 KB
16 KB 494ms
159ms Script
application/javascript 13.226.210.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/41dad6d0.min.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.210.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-210-81.lax50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9ba17fa97dfcf22b549ac3362f681c82a8c654a5a9a63f8e4a6a071c8f049c17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: rpFyfLwiczshLWFNIjONrYD9WBIwMbpV
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 23:32:23 GMT
server: AmazonS3
x-amz-cf-pop: LAX50-C1
etag: W/"82ec0243a7aeb004541846030cd1d2af"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 924eb6575c2679d663c17bd1e792d09a.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Tue, 11 Jan 2022 05:37:46 GMT
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-id: TbN-EMNB-IJ5GIJgMAuxbLFSWKmuB-6qgXl-vfg8z3lX_IUaZO0qww==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 171ms
131ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11363283

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e604b30bf74a99f8553aa1d811ba74cdde35188d99a30b3adac1fecc3121027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36158
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jan 2022 05:37:45 GMT

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 78ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.48

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 20661
x-xss-protection: 0
pragma: public
x-fb-debug: br+de65NxmLko6LRIikkpQ4j+XLZ9lcwFwNXhWQs9pS0s66XWdXl90jKR7OT5CMMkaI+jnntEjacuNwFX3Nebg==
x-frame-options: DENY
date: Tue, 11 Jan 2022 05:37:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 880805232811859 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 117ms
70ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/880805232811859?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8ebbe9b4f71b7b2483fff568469c24b7e5443623d6704f7cb7d8e30804f397f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: WVy9+cY2TVNMYCpurK4YhgLicGBKjzvqx9dnkW9Oh03msfICq37OB2Ctg1OUT6c7+TIJSSa3l2JkU/j4zF4QSw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 11 Jan 2022 05:37:46 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
674 B 152ms
46ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o5b0k&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ad3c4274-e86b-4da9-9a7a-5f49198ad78e&tw_document_href=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 9
pragma: no-cache
last-modified: Tue, 11 Jan 2022 05:37:46 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c7273ea63261a9bc79c18a9559e8a8469b8612e495a6c5cb926d8d76a620d887
x-transaction: d1009c4f3622127a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
469 B 173ms
56ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o5b0k&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ad3c4274-e86b-4da9-9a7a-5f49198ad78e&tw_document_href=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 11
pragma: no-cache
last-modified: Tue, 11 Jan 2022 05:37:46 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 48540b424ae2aaf798e7592cb328da22132808a52d6d697c629e3e17d17e9e37
x-transaction: 68327ecc19cfec56
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 5870833.js Show response
bat.bing.com/p/action/ 684 B
739 B 85ms
85ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5870833.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3ebd26a55f8451eea14c5014a59e86ec22233003b3e510aeceaabdb56d3c2f8b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D8BB0F0C2554C408A03C77CC5506B66 Ref B: YTO01EDGE0815 Ref C: 2022-01-11T05:37:46Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 587

GET
H2 204 0
bat.bing.com/action/ 0
151 B 56ms
56ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5870833&tm=gtm002&Ver=2&mid=a1185094-d1ef-421d-b800-a2c17eaccd8b&sid=9ad6219072a011ec9943e91af6621923&vid=9ad648e072a011ec937619937bce781e&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&p=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&r=&lt=809&evt=pageLoad&msclkid=N&sv=1&rn=958693
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A0B3D9E74124D0CBEEBF47C87212332 Ref B: YTO01EDGE0815 Ref C: 2022-01-11T05:37:46Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 45ms
44ms Script
application/x-javascript 184.87.87.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.87.87.25 Newark, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-87-25.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Thu, 21 Apr 2022 05:37:46 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3460746%26time%3D1641879465987%26url%3Dhttps%253A%252F%252Fwww.mandiant.com%252Fr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1641879465987&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&cookiesTest=true&liSync=true&e_ipv6=AQIzjRV...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f&_expected_cookie=3fe0915da40666b036e4c961...

43 B
142 B

49ms
49ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f&_expected_cookie=3fe0915da40666b036e4c961e5108806
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6cbbcb89feee5467-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0eb5d1e1-9724-469c-bce8-22b57470ab7f&_expected_cookie=3fe0915da40666b036e4c961e5108806
date: Tue, 11 Jan 2022 05:37:46 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6cbbcb89ae6f5467-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
692 B 67ms
18ms XHR
application/json 68.67.161.207
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.161.207 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

802.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 05:37:46 GMT
X-Proxy-Origin: 149.56.153.186; 149.56.153.186; 802.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 3aecd31a-7e17-41d7-8051-e1b716ea00da
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.mandiant.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
372 B 82ms
17ms XHR
text/plain 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-5-233-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7b01a296367fc523c926b96ce5dc297bacbb008d7fa9191f88496c5770b82e3a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.mandiant.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 46ms
46ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11363283&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

65998f681318c1497fe73e31a1f58397bded75650beda7854c40d344b11568c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36169
x-xss-protection: 0
last-modified: Tue, 11 Jan 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jan 2022 05:37:46 GMT

GET
H3 200 v1.js Show response
www.googletagmanager.com/dclk/ns/ 2 KB
1 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/dclk/ns/v1.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10870294

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03bef1eeac54d221d1da744095e12a9caae78fb47a16f0d9a7598fa83cd79fcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 09:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1094
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
vary: Accept-Encoding
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 17 Jan 2022 09:08:31 GMT

POST
H/1.1 200
OK visitWebPage
177-vpk-082.mktoresp.com/webevents/ 2 B
311 B 389ms
95ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://177-vpk-082.mktoresp.com/webevents/visitWebPage?_mchNc=1641879466057&_mchCn=&_mchId=177-VPK-082&_mchTk=_mch-mandiant.com-1641879466056-15579&_mchHo=www.mandiant.com&_mchPo=&_mchRu=%2Fresources%2Flog4shell-recommendations&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 203d75ee-ad03-489d-970f-dbbe3b7b47d4

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame D2EC 40 KB
21 KB 80ms
52ms Document
text/html 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=dstshkg7ppkf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

479c4083dbc1b58b11fdb9f6c378e6de0a38e33a27dbbb4a5e7cd8ea228cf6ad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lu4HkTasUkU1qpQY67RA2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 11 Jan 2022 05:37:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-lu4HkTasUkU1qpQY67RA2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21170
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 36F8 40 KB
21 KB 75ms
51ms Document
text/html 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=xbsjkd22v2o0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

abd7f69296a0eacf7d5a7f88b4223074d6a945e648a44a2a35dc5e000f7b8f57

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-f8oNie9UTmuCNRO2OCjQjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 11 Jan 2022 05:37:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-f8oNie9UTmuCNRO2OCjQjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21106
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 96ms
36ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=null&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A46%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 98ms
26ms Preflight 34.200.179.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.179.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-179-101.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,epsiloncookie
Origin: https://www.mandiant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
server: nginx
access-control-allow-origin: https://www.mandiant.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization,epsiloncookie

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 445 B
432 B 81ms
27ms XHR
application/json 34.200.179.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.179.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-179-101.compute-1.amazonaws.com
Software: nginx /
Resource Hash: beac42b65462ad4e2471bcfe647c84d5f7a7ee1de81e00cce603d302fe190b4d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
Authorization: Token 325d6d60e24c7cfc3a782839d85ce08c8d3bb27c
EpsilonCookie: 3c012417d0270000a917dd61e00300009e950100

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.mandiant.com
access-control-allow-credentials: true
content-length: 246

GET
H2 200 clarity.js Show response
i.clarity.ms/s/0.6.31/ 52 KB
23 KB 107ms
32ms Script
application/javascript 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/s/0.6.31/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5870833.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:45 GMT
content-encoding: br
etag: "1d7ffcbff747e00"
last-modified: Sun, 02 Jan 2022 11:29:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&RedC=c.clarity.ms&MXFR=16CF0D3852BA626F0A0F1C1156BA6C40
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&MUID=2FED9C3824346EB00E8A8D11251E6FE4

42 B
443 B

89ms
88ms

Image
image/gif

40.91.78.9
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&MUID=2FED9C3824346EB00E8A8D11251E6FE4
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Server: 40.91.78.9 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
last-modified: Fri, 05 Nov 2021 17:18:56 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "bf4ee43669d2d71:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17CE284D3E284B7ABEA90F60F54CD87E Ref B: YTO01EDGE0815 Ref C: 2022-01-11T05:37:46Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7F8E727B90064538BE9C37BA21AA3144&MUID=2FED9C3824346EB00E8A8D11251E6FE4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 66ms
18ms Image
image/gif 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=880805232811859&ev=PageView&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&rl=&if=false&ts=1641879466158&sw=1600&sh=1200&v=2.9.48&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=29&fbp=fb.1.1641879466157.2053721697&it=1641879465956&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 11 Jan 2022 05:37:46 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 36F8 51 KB
24 KB 47ms
21ms Stylesheet
text/css 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=xbsjkd22v2o0

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 17:04:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 36F8 351 KB
138 KB 44ms
19ms Script
text/javascript 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 00:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:33:21 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame D2EC 51 KB
24 KB 48ms
22ms Stylesheet
text/css 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 17:04:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame D2EC 351 KB
138 KB 54ms
28ms Script
text/javascript 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 00:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:33:21 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 414 B
921 B 344ms
139ms XHR
application/json 13.226.228.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&page_title=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&src=tag&key=8d2742040a7c03554594027a7fa2daa0
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/41dad6d0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.228.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-228-88.lax50.r.cloudfront.net
Software: nginx /
Resource Hash: b267f1104c66bd39686b5004c803b6f0106fcfd7d570d3e7db86e0f34118101f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: LAX50-C3
x-cache: Miss from cloudfront
request-id: 483ebea5-dbb7-4b4b-92a3-b8066ab167a5
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.mandiant.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 fca79858a379c5600416e25a5905844c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wFlKknCOzCtCKpoqXU11emlTuxSFQ7x3PnfGARcN6zmowlp6e7EIMA==
expires: Mon, 10 Jan 2022 05:37:46 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g&verifyHash=c60148af62eb2e4af4c707e8c63f432adc336fc

26 B
409 B

156ms
156ms

Image
image/gif

52.85.193.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g&verifyHash=c60148af62eb2e4af4c707e8c63f432adc336fc
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: HTTP/1.1
Server: 52.85.193.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-193-76.lax50.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Via: 1.1 c1f73f35119dfd1dabd563068ceac236.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX50-C4
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: b7053ad3debc81e0
X-Amz-Cf-Id: B-Myygijt4cTvHP4rKisW1MHjfh_cF7116gM9gPGXnkRz9K4ugycmA==

Redirect headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Via: 1.1 c1f73f35119dfd1dabd563068ceac236.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX50-C4
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAI8jU7Dui8AAD_FPBGU6g&verifyHash=c60148af62eb2e4af4c707e8c63f432adc336fc
Connection: keep-alive
trace-id: ed8a941917f497be
Content-Length: 0
X-Amz-Cf-Id: NOwLgPhLYKIAjtn6_xx20oRwI66jnxz6nX9KlntUanmyunPky-T56g==

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCKqv9I4GEgUI6AcQAEIASgA
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA&verifyHash=98cef2ad6b023904e8d208ca3452fa78a90f8c9b

26 B
409 B

168ms
168ms

Image
image/gif

52.85.193.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA&verifyHash=98cef2ad6b023904e8d208ca3452fa78a90f8c9b
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: HTTP/1.1
Server: 52.85.193.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-193-76.lax50.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Via: 1.1 47782d990774b4d1f9e002852ed49468.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX50-C4
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 2719fb6e02c5a692
X-Amz-Cf-Id: lbIlu8ErwoHBy_8_zKx0hx6bmf7cmDeAiU6CDulnC0YwLdSn4R2GDg==

Redirect headers

Date: Tue, 11 Jan 2022 05:37:46 GMT
Via: 1.1 47782d990774b4d1f9e002852ed49468.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX50-C4
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=liveramp&user_id=Xc1297oBAxUbOOw5xmg_UoeHFA_yvkngN8z4W6nRqr8WcA1WA&verifyHash=98cef2ad6b023904e8d208ca3452fa78a90f8c9b
Connection: keep-alive
trace-id: 0e136957cc6c2e13
Content-Length: 0
X-Amz-Cf-Id: VEW9t4o6t1Ro-rf_pegxW_VaBULq1C2tQyRUT6Eh-4UghUmQF06cEQ==

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame D2EC 102 B
133 B 40ms
40ms Other
text/javascript 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=dstshkg7ppkf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Tue, 11 Jan 2022 05:37:46 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 36F8 102 B
133 B 40ms
39ms Other
text/javascript 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=xbsjkd22v2o0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:37:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Tue, 11 Jan 2022 05:37:46 GMT

POST
H2 204 collect Show response
i.clarity.ms/ 0
71 B 31ms
31ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Tue, 11 Jan 2022 05:37:45 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/ 583 B
1 KB 261ms
87ms XHR
application/json 13.226.222.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.222.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-222-148.lax50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97e7573ee44deaa2a2da4d901e4a40181959517f2cfd036c78e8d8555dea111c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 05:10:41 GMT
via: 1.1 81334f6fe96e23260863e829134fcdc2.cloudfront.net (CloudFront)
age: 1626
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 583
last-modified: Tue, 20 Jul 2021 21:51:47 GMT
server: AmazonS3
etag: "4c464a1f61abed8929723794647e8e04"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 2VbtNDctMtboUaP_T2JY1.YlHkEJ6FXx
access-control-allow-origin: *
cache-control: public, max-age=10800
x-amz-cf-pop: LAX50-C1
accept-ranges: bytes
content-type: application/json; charset=utf-8
x-amz-cf-id: _o73mJJnEYYCnDWnh5ovcPUm5pP5BmQMo-RWZwh9bKnDRzjmT_NnBg==

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame B5D6 7 KB
1 KB 49ms
49ms Document
text/html 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5def95598d4d236dd9b2b346bee8c3572916f744fead7d2105531fa1aff31f5b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zL6U2F9P35DK8xMLHgSewQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 11 Jan 2022 05:37:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-zL6U2F9P35DK8xMLHgSewQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame B585 7 KB
1 KB 44ms
44ms Document
text/html 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e790121cc1374fe17e880a8f4cf4e427002cb9bebd5bb1b3d80f6e802d6f0014

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ea3F++pcDwTHnVZGB53wUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 11 Jan 2022 05:37:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-ea3F++pcDwTHnVZGB53wUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=800335896.1641879467
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=8003...

42 B
681 B

95ms
33ms

Ping
image/gif

2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=800335896.1641879467

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=1411347033.1641879467&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&gtm=2wg150T72STLD&auid=800335896.1641879467
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources... Show response
11449174.fls.doubleclick.net/ Frame A2EA
Redirect Chain

https://11449174.fls.doubleclick.net/activityi;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresour...
https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https...

442 B
383 B

69ms
42ms

Document
text/html

142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f6.1e100.net

Software

cafe /

Resource Hash

97d1e4d284e6fe8a095605d707f512d2d83d44c079e536f0781f2c1515bfe9a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jan 2022 05:37:46 GMT
expires: Tue, 11 Jan 2022 05:37:46 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 358
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jan 2022 05:37:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.ma... Show response
11363283.fls.doubleclick.net/ Frame FBFD
Redirect Chain

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww...
https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudien...

464 B
405 B

70ms
44ms

Document
text/html

142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-11363283

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f6.1e100.net

Software

cafe /

Resource Hash

3ef81ca981e510402e45697cadcf31fce15f7cbd9a024b81a8c879fcca495f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jan 2022 05:37:46 GMT
expires: Tue, 11 Jan 2022 05:37:46 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 380
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jan 2022 05:37:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 activityi;register_conversion=1;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell...
11449174.fls.doubleclick.net/ 0
0 108ms
31ms Image
text/html 142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://11449174.fls.doubleclick.net/activityi;register_conversion=1;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.65.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s72-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2...
11363283.fls.doubleclick.net/ 0
0 108ms
31ms Image
text/html 142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://11363283.fls.doubleclick.net/activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.65.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s72-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 66ms
19ms Script
text/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4554
date: Tue, 11 Jan 2022 04:21:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 11 Jan 2022 06:21:52 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
172 B 75ms
37ms Ping
text/plain 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X6642ZTDJ7&gtm=2oe150&_p=835152220&sr=1600x1200&gcs=G111&ul=en-us&cid=633636701.1641879467&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&dt=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&sid=1641879465&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6642ZTDJ7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mandiant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B5D6 51 KB
24 KB 22ms
21ms Stylesheet
text/css 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 17:04:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B5D6 351 KB
138 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 00:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:33:21 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B585 51 KB
24 KB 28ms
28ms Stylesheet
text/css 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 17:04:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B585 351 KB
138 KB 35ms
35ms Script
text/javascript 2607:f8b0:4006:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 00:33:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:33:21 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 125ms
51ms XHR
text/plain 2607:f8b0:4023:1404::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-203244293-1&cid=633636701.1641879467&jid=745649051&gjid=1191876469&_gid=1420262179.1641879467&_u=YDDAgEABAAAAAE~&z=1905705781

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1404::9b Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 11 Jan 2022 05:37:46 GMT
content-type: text/plain
access-control-allow-origin: https://www.mandiant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 47ms
19ms Image
image/gif 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=835152220&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&ul=en-us&de=UTF-8&dt=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YDDAgEAB~&jid=745649051&gjid=1191876469&cid=633636701.1641879467&tid=UA-203244293-1&_gid=1420262179.1641879467&gtm=2wg150T72STLD&cg1=null&cg2=resources&cd2=Pageview&cd3=1641879465747.48m2uraq&cd4=2022-01-11T05%3A37%3A45.747%2B00%3A00&cd5=&cd15=dec%2015%2C%202021&cd16=dec%2015%2C%202021&gcs=G111&cd1=633636701.1641879467&z=1399209381

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 12:02:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 63293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
20ms Image
image/gif 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=835152220&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&ul=en-us&de=UTF-8&dt=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Resource%20Type&ea=null&el=null&_u=YDDAgEABAAAAAE~&jid=&gjid=&cid=633636701.1641879467&tid=UA-203244293-1&_gid=1420262179.1641879467&gtm=2wg150T72STLD&cg1=null&cg2=resources&cd3=1641879465749.lak7navq&cd4=2022-01-11T05%3A37%3A45.749%2B00%3A00&cd5=&cd15=dec%2015%2C%202021&cd16=dec%2015%2C%202021&gcs=G111&cd1=633636701.1641879467&z=1555050156

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 12:02:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 63293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 47ms
19ms Image
image/gif 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=835152220&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&ul=en-us&de=UTF-8&dt=Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6sense&ea=company%20details%20sent&el=%2Fresources%2Flog4shell-recommendations&_u=YDDAgEABAAAAAE~&jid=&gjid=&cid=633636701.1641879467&tid=UA-203244293-1&_gid=1420262179.1641879467&gtm=2wg150T72STLD&cg1=null&cg2=resources&cd2=Event&cd3=1641879466428.urvwr6jm&cd4=2022-01-11T05%3A37%3A46.428%2B00%3A00&cd5=&cd8=&cd9=&cd10=Canada&cd11=&cd12=&cd15=dec%2015%2C%202021&cd16=dec%2015%2C%202021&gcs=G111&cd1=633636701.1641879467&z=301630524

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 12:02:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 63293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
143 B 272ms
87ms Fetch
application/json 54.213.89.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/XYDVFr8wlkTfdZhRFaaBO5Y8ZK1viC5D/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.213.89.109 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-213-89-109.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Tue, 11 Jan 2022 05:37:47 GMT
content-length: 21
vary: Origin
content-type: application/json

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 97ms
97ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Tue, 11 Jan 2022 05:37:46 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations
adservice.google.com/ddm/fls/z/ Frame A2EA 42 B
494 B 83ms
36ms Image
image/gif 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations

Requested by

Host: 11449174.fls.doubleclick.net
URL: https://11449174.fls.doubleclick.net/activityi;dc_pre=CPGQgNP9qPUCFcZkcgodwOsOHg;src=11449174;type=hmpg;cat=mandi0;ord=3953606767633;gtm=2wg150;gcs=G111;auiddc=800335896.1641879467;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://11449174.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4...
adservice.google.com/ddm/fls/z/ Frame FBFD 42 B
107 B 80ms
38ms Image
image/gif 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations

Requested by

Host: 11363283.fls.doubleclick.net
URL: https://11363283.fls.doubleclick.net/activityi;dc_pre=CJKTgNP9qPUCFVJfcgodG_YNDA;src=11363283;type=invmedia;cat=mandi0;ord=4618789648566;gtm=2od150;gcs=G111;auiddc=800335896.1641879467;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://11363283.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 36ms
36ms Image
image/gif 2607:f8b0:4006:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-203244293-1&cid=633636701.1641879467&jid=745649051&_u=YDDAgEABAAAAAE~&z=832929294

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 94ms
37ms Image
image/gif 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-203244293-1&cid=633636701.1641879467&jid=745649051&_u=YDDAgEABAAAAAE~&z=832929294

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 05:37:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 35ms
35ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=3c012417d0270000a917dd61e00300009e950100&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A46%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:47 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 nr-1212.min.js Show response
js-agent.newrelic.com/ 34 KB
13 KB 41ms
10ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1212.min.js
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/log4shell-recommendations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding: gzip
etag: "9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id: JFXHP4JMP2JXQF8D
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 12828
x-amz-id-2: 7xuK/rXf81qTphcQiXAlcxAgFlOeXwx7At7JdSKBtTGOve4DeHnMqZOr3CXSX9gUpe2NrJPZMP0=
x-served-by: cache-yul12822-YUL
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1641879467.117216,VS0,VE0
date: Tue, 11 Jan 2022 05:37:47 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 496

GET
H/1.1 200
OK NRJS-890ead692fb1e944fb6 Show response
bam.nr-data.net/1/ 57 B
322 B 118ms
27ms Script
text/javascript 162.247.242.32
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-890ead692fb1e944fb6?a=1404479750&v=1212.e95d35c&to=YlRVYERZV0ZSWhINX1sedldCUVZbHH0UEUBUXWtaWVxcaXBWCBBCWl1bUURkd1pXXDANVUJyWFpCSlZZX1wUSQ5DWFJD&rst=2530&ck=1&ref=https://www.mandiant.com/resources/log4shell-recommendations&ap=322&be=245&fe=2482&dc=792&perf=%7B%22timing%22:%7B%22of%22:1641879464598,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:13,%22c%22:13,%22s%22:30,%22ce%22:61,%22rq%22:61,%22rp%22:216,%22rpe%22:218,%22dl%22:220,%22di%22:792,%22ds%22:792,%22de%22:809,%22dc%22:2480,%22l%22:2481,%22le%22:2488%7D,%22navigation%22:%7B%7D%7D&fp=768&fcp=768&at=ThNWFgxDREg%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.32 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: service.newrelic.co.nz
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 35ms
35ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=3c012417d0270000a917dd61e00300009e950100&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A47%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:48 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 31ms
31ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Tue, 11 Jan 2022 05:37:48 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 36ms
35ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=3c012417d0270000a917dd61e00300009e950100&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:49 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 36ms
36ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=3c012417d0270000a917dd61e00300009e950100&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A49%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:50 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 42ms
41ms Image
image/gif 23.5.233.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=3c012417d0270000a917dd61e00300009e950100&session=6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2011%20Jan%202022%2005%3A37%3A50%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%225016%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Log4Shell%20Initial%20Exploitation%20and%20Mitigation%20Recommendations%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Flog4shell-recommendations&pageViewId=f154f2b9-186c-4307-8d83-8aa02a56cf72&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.5.233.176 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-5-233-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 05:37:51 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bing.com/	1970-01-20 09:26:15	Name: MUID Value: 2FED9C3824346EB00E8A8D11251E6FE4
.bat.bing.com/	1970-01-20 00:14:44	Name: MR Value: 0
.mandiant.com/	1970-01-20 00:06:05	Name: _uetsid Value: 9ad6219072a011ec9943e91af6621923
.mandiant.com/	1970-01-20 09:26:15	Name: _uetvid Value: 9ad648e072a011ec937619937bce781e
.6sc.co/	1970-01-20 17:35:51	Name: 6suuid Value: 3c012417d0270000a917dd61e00300009e950100
.mandiant.com/	1970-01-20 17:35:51	Name: _mkto_trk Value: id:177-VPK-082&token:_mch-mandiant.com-1641879466056-15579
.linkedin.com/	1970-01-20 02:14:15	Name: li_sugr Value: 0eb5d1e1-9724-469c-bce8-22b57470ab7f
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:36:33	Name: bcookie Value: "v=2&cc682d2f-65ef-48ac-80cb-a496896e6fae"
.linkedin.com/	1970-01-20 00:06:05	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=2519:u=1:x=1:i=1641879466:t=1641965866:v=2:sig=AQEh6KLzULTAeLwQbBXgwhld0vV3jk4l"
.twitter.com/	1970-01-20 17:35:51	Name: personalization_id Value: "v1_g6l2KwjNPEaVzFYMxzDGIQ=="
www.mandiant.com/	1970-01-20 00:14:44	Name: _an_uid Value: 0
www.mandiant.com/	1970-01-20 17:35:51	Name: _gd_visitor Value: 018c3352-90d1-491c-8d5e-0b76bad19b7a
www.mandiant.com/	1970-01-20 00:04:53	Name: _gd_session Value: 6e20d2c3-7fe3-43c0-80a7-d74b5f6ca0d2
www.mandiant.com/	1970-01-20 17:35:51	Name: _gd_svisitor Value: 3c012417d0270000a917dd61e00300009e950100
.mandiant.com/	1970-01-20 02:14:15	Name: _fbp Value: fb.1.1641879466157.2053721697
.linkedin.com/	1970-01-20 00:47:51	Name: UserMatchHistory Value: AQIHM4RFv1PTKgAAAX5HpHC7LJC9lEHT49h0ZHX8Ri8WNz-aBZtnV-Na1-SmYgF0oix0LF36fMONkw
.linkedin.com/	1970-01-20 00:47:51	Name: AnalyticsSyncHistory Value: AQIXl-dj-phA_gAAAX5HpHC7URTG7rqJIGGZpq7DpUsZZ-Igy727EYWu0HQD-t6GDo-Zrdu5z8qWeDLLN0Ha7g
.facebook.com/	1970-01-20 02:14:15	Name: fr Value: 0YS8upkMqqE816pBC..Bh3Req...1.0.Bh3Req.
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 17:36:33	Name: bscookie Value: "v=1&20220111053746a97bda78-5920-4c19-87a1-637d3c229803AQHXhCz70vDspsJxfHIod9fJL7NP8pk2"
.mandiant.com/	1970-01-20 08:50:15	Name: _clck Value: y0exmm\|1\|ey1\|0
.rlcdn.com/	1970-01-20 08:50:15	Name: rlas3 Value: i8H1373z+WyyXg8BMxSWrwMbMLgiSbW90wB5JwyzK4s=
.bidr.io/	1970-01-20 09:33:09	Name: bito Value: AAI8jU7Dui8AAD_FPBGU6g
.bidr.io/	1970-01-20 09:33:09	Name: bitoIsSecure Value: ok
.rlcdn.com/	1970-01-20 01:31:03	Name: pxrc Value: CKqv9I4GEgUI6AcQABIGCMrdKhAA
.mandiant.com/	1970-01-20 00:06:05	Name: _clsk Value: 8fq9iv\|1641879466511\|1\|1\|i.clarity.ms/collect
.c.bing.com/	1970-01-20 00:14:44	Name: MR Value: 0
.c.bing.com/	1970-01-20 09:26:15	Name: SRM_B Value: 2FED9C3824346EB00E8A8D11251E6FE4
.adsymptotic.com/	1970-01-20 02:14:15	Name: U Value: 3fe0915da40666b036e4c961e5108806
.mandiant.com/	1970-01-20 02:14:15	Name: _gcl_au Value: 1.1.800335896.1641879467
.mandiant.com/	1970-01-20 17:35:51	Name: _ga_X6642ZTDJ7 Value: GS1.1.1641879465.1.0.1641879465.0
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 09:26:15	Name: MUID Value: 2FED9C3824346EB00E8A8D11251E6FE4
.c.clarity.ms/	1970-01-20 00:14:44	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 00:04:40	Name: ANONCHK Value: 0
.mandiant.com/	1970-01-20 17:35:51	Name: _ga Value: GA1.2.633636701.1641879467
.mandiant.com/	1970-01-20 00:06:05	Name: _gid Value: GA1.2.1420262179.1641879467
.mandiant.com/	1970-01-20 00:04:39	Name: _dc_gtm_UA-203244293-1 Value: 1
.doubleclick.net/	1970-01-20 17:35:51	Name: IDE Value: AHWqTUkyxJn5LANuWvNOY5ZgHuZcOMCuBVgz6gTgsv8ybT1nFc5Kx4zdIMz3syeOujs
.mandiant.com/	1970-01-20 08:50:15	Name: ajs_anonymous_id Value: 106c5e60-c335-42a1-ba1b-5ef33dcf8f6f
.company-target.com/	1970-01-20 17:35:51	Name: tuuid_lu Value: 1641879466
.company-target.com/	1970-01-20 17:35:51	Name: tuuid Value: 4948b152-0d39-4949-8f48-ee6a0591d189
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: db17a83a7f9124b0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11363283.fls.doubleclick.net
11449174.fls.doubleclick.net
177-vpk-082.mktoresp.com
adservice.google.com
analytics.twitter.com
api.company-target.com
api.segment.io
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.segment.com
cdnjs.cloudflare.com
connect.facebook.net
consent.trustarc.com
epsilon.6sense.com
googleads.g.doubleclick.net
i.clarity.ms
id.rlcdn.com
j.6sc.co
js-agent.newrelic.com
match.prod.bidr.io
munchkin.marketo.net
p.adsymptotic.com
px.ads.linkedin.com
px4.ads.linkedin.com
secure.adnxs.com
segments.company-target.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
www.facebook.com
www.fireeye.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.mandiant.com
104.18.98.194
104.244.42.133
104.244.42.195
108.174.10.14
13.226.210.81
13.226.222.148
13.226.228.88
13.226.228.89
142.250.65.198
151.101.248.157
151.101.66.137
162.247.242.32
184.87.87.25
192.28.147.68
23.5.233.176
2600:141b:13::17d7:82d0
2606:4700:10::6816:47c5
2606:4700:300b::a29f:f07d
2606:4700:300b::a29f:f67d
2606:4700::6810:135e
2607:f8b0:4006:807::2003
2607:f8b0:4006:816::2002
2607:f8b0:4006:81d::2003
2607:f8b0:4006:81d::2008
2607:f8b0:4006:823::200e
2607:f8b0:4006:824::2002
2607:f8b0:4006:824::2004
2607:f8b0:4023:1404::9b
2620:1ec:21::14
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.200.179.101
34.232.192.29
35.190.60.146
40.91.78.9
52.167.85.21
52.85.193.76
54.213.89.109
68.67.161.207
03bef1eeac54d221d1da744095e12a9caae78fb47a16f0d9a7598fa83cd79fcf
07ed649e749e9698e805596809e2ede372229183ddb6b38fc96f696cff02f085
0c9ab3e7109f42ef98afbad438ec60278ecafc571622d8b190a35c733dbcc0f6
0eab324aea216ff6432155a5cdbd59b7c1429f7d27be852f9dd037c7ade0377c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1b9600459bb5ec64940c2d27208bf4f9fffdde86a99b1cb3c0d12b1ff7fb8ba1
1bb508d41bf1d0c5d56340c7df789b6589350a5f967e1fa937bee5c148d0cb0d
1e604b30bf74a99f8553aa1d811ba74cdde35188d99a30b3adac1fecc3121027
26e6996216334ee71ef0bdc967a8f41b264eb3687fe5f12022de519368120c59
270749f3569f14299a5e7bd98be7e83b6541f90cd8a5d5f1d0dd297fac67db8e
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34e89fde702aa592d82afbb8d98034150cb3a2e6bd67a922af1edd106cf87fe8
381962c3f2fb0a5236950b7486267cb6a0eef9a0fe6ffae827e1359129eaaa0c
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3ebd26a55f8451eea14c5014a59e86ec22233003b3e510aeceaabdb56d3c2f8b
3ef81ca981e510402e45697cadcf31fce15f7cbd9a024b81a8c879fcca495f95
42231b10e994f29f80a27750dd181be671ebf616ce123bc1df008d924696d9e7
479c4083dbc1b58b11fdb9f6c378e6de0a38e33a27dbbb4a5e7cd8ea228cf6ad
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5def95598d4d236dd9b2b346bee8c3572916f744fead7d2105531fa1aff31f5b
65998f681318c1497fe73e31a1f58397bded75650beda7854c40d344b11568c7
762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52
7b01a296367fc523c926b96ce5dc297bacbb008d7fa9191f88496c5770b82e3a
7b7eb2b28fbf8ad29058540ee28e8b49701e0e47351ff25d3b688fcef9b2a88a
7e3c5c4635ca84d4977c4a596f7956fc27794cfbd323b89b19ce92ae98bf90cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b34f175a9850d098edfacb50c3bb97a22975fa0d18570d11fc076676a87781
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
88cb9efe9226cab0669f7f6cdf082ec49a48a58f6411b69864b6f952928b979a
97d1e4d284e6fe8a095605d707f512d2d83d44c079e536f0781f2c1515bfe9a0
97e7573ee44deaa2a2da4d901e4a40181959517f2cfd036c78e8d8555dea111c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ba17fa97dfcf22b549ac3362f681c82a8c654a5a9a63f8e4a6a071c8f049c17
9ca4ce05a9eeb9d9183e71055a57e6759763581b4a9b0e0b801f3cb4114bbb77
9ec192b1be13b5eb7d11e7c8a0f1466ef236e4ba88182bb4cec76a2c7919464e
9ee33831b0f69f4fd2300024df8f2488a4a7a4093cfcc5e28062e128308478f9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a8ebbe9b4f71b7b2483fff568469c24b7e5443623d6704f7cb7d8e30804f397f
abd7f69296a0eacf7d5a7f88b4223074d6a945e648a44a2a35dc5e000f7b8f57
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b267f1104c66bd39686b5004c803b6f0106fcfd7d570d3e7db86e0f34118101f
b2cb383a30bee467e40ecebb49e4229b1b57efcc2c7632c921cd170a75c74d24
b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad
beac42b65462ad4e2471bcfe647c84d5f7a7ee1de81e00cce603d302fe190b4d
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfbbb6a8bb9482b6bddbba133d70d9ac28fea886ede20ecdaf3110d5c70dba6c
d5e52204236286b67a8515feef15af47eb8f762bb73779f40d01deeb8ecb50b5
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7e80c5f3390f1810ce6c26f926fb89c162791615549c7a7f964d4c5112e0d0
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfaed587b938cc953c5008f257ed1e661e9d2e2f907bd5b520fc4b9348985a88
dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e790121cc1374fe17e880a8f4cf4e427002cb9bebd5bb1b3d80f6e802d6f0014
e7d5375c5c42c888e2166d20b83b4e50a5324c03572ff52d27e6e8da11988822
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
eda14193dcd1162bdf3863a8b94e3f25eea0bf7773c66abb990fa3569521b9de
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f269cafacd48c650b7c76973b7192a4593125d9b957bfa3b57a89e835ec0df1f
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6
fe3bfdac05de97234a1a81c7f09c87f14708cf7bd9a341a63e68613c3c6e40d6
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.mandiant.com Open in urlscan Pro 2606:4700:300b::a29f:f07d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

101 Requests

95 %HTTPS

43 %IPv6

34 Domains

45 Subdomains

36 IPs

2 Countries

1933 kBTransfer

4863 kBSize

44 Cookies

40 Outgoing links

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mandiant.com Open in urlscan Pro
2606:4700:300b::a29f:f07d Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

95 %
HTTPS

43 %
IPv6

34
Domains

45
Subdomains

36
IPs

2
Countries

1933 kB
Transfer

4863 kB
Size

44
Cookies

101 HTTP transactions
0 data transactions