Edit tour

Windows Analysis Report
https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38F

Overview

General Information

Sample URL:	https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMV
Analysis ID:	1514467
Infos:

Detection

Follina CVE-2022-30190

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected Microsoft Office Exploit Follina CVE-2022-30190

Yara detected Powershell decode and execute

Yara detected Powershell download and execute

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Yara signature match

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,5053550496788528240,1529284334004214173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Follina	Yara detected Microsoft Office Exploit Follina / CVE-2022-30190	Joe Security
sslproxydump.pcap	apt_c16_win_wateringhole	Detects code from APT wateringhole	@dragonthreatlab	0x1d15b98:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String( 0x1d1661b:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String( 0x22807e0:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String( 0x2281263:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(
sslproxydump.pcap	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x26d511f:$b1: ::WriteAllBytes( 0x1d15c1d:$b2: ::FromBase64String( 0x1d166a0:$b2: ::FromBase64String( 0x2280865:$b2: ::FromBase64String( 0x22812e8:$b2: ::FromBase64String( 0xc4a24:$s3: reverse 0x157fd2:$s3: reverse 0x15801e:$s3: reverse 0x15802b:$s3: reverse 0x16f94e:$s3: reverse 0x18c5f0:$s3: reverse 0x1c83ae:$s3: reverse 0x1c9ca5:$s3: reverse 0x1ca08c:$s3: reverse 0x1de91f:$s3: Reverse 0x1dea8b:$s3: Reverse 0x1debfb:$s3: Reverse 0x1dedad:$s3: Reverse 0x1def20:$s3: Reverse 0x1df08d:$s3: Reverse 0x1df1ff:$s3: Reverse

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_736	JoeSecurity_Follina	Yara detected Microsoft Office Exploit Follina / CVE-2022-30190	Joe Security
dropped/chromecache_892	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
dropped/chromecache_892	JoeSecurity_PowershellDecodeAndExecute	Yara detected Powershell decode and execute	Joe Security
dropped/chromecache_892	apt_c16_win_wateringhole	Detects code from APT wateringhole	@dragonthreatlab	0x186e7:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String( 0x190de:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(
dropped/chromecache_632	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
dropped/chromecache_632	JoeSecurity_PowershellDecodeAndExecute	Yara detected Powershell decode and execute	Joe Security
dropped/chromecache_632	apt_c16_win_wateringhole	Detects code from APT wateringhole	@dragonthreatlab	0x186e7:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String( 0x190de:$str2: Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(
dropped/chromecache_624	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
dropped/chromecache_617	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
dropped/chromecache_406	JoeSecurity_Follina	Yara detected Microsoft Office Exploit Follina / CVE-2022-30190	Joe Security
Click to see the 5 entries

Suricata Signatures

ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-20T14:30:05.186319+0200	2037083	1	Attempted User Privilege Gain	13.50.141.112	443	192.168.2.4	50883	TCP
2024-09-20T14:30:09.769681+0200	2037083	1	Attempted User Privilege Gain	13.50.141.112	443	192.168.2.4	50971	TCP

ETPRO MALWARE PowerShell Decoding Potential Stage 2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-20T14:30:01.784587+0200	2832502	1	A Network Trojan was detected	13.50.141.112	443	192.168.2.4	50811	TCP
2024-09-20T14:30:06.964322+0200	2832502	1	A Network Trojan was detected	13.50.141.112	443	192.168.2.4	50914	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Exploits

Yara detected Microsoft Office Exploit Follina CVE-2022-30190

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: dropped/chromecache_736, type: DROPPED
Source: Yara match	File source: dropped/chromecache_406, type: DROPPED

Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email

HTTP Parser: Base64 decoded: !nu961,*;p,@

Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No favicon
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No favicon
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No favicon
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No favicon
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.foundationsoft.com/	HTTP Parser: No favicon
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No favicon

Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="author".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="author".. found

Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="copyright".. found
Source: https://www.huntress.com/blog-categories/response-to-incidents	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2832502 - Severity 1 - ETPRO MALWARE PowerShell Decoding Potential Stage 2 : 13.50.141.112:443 -> 192.168.2.4:50811
Source: Network traffic	Suricata IDS: 2037083 - Severity 1 - ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) : 13.50.141.112:443 -> 192.168.2.4:50883
Source: Network traffic	Suricata IDS: 2832502 - Severity 1 - ETPRO MALWARE PowerShell Decoding Potential Stage 2 : 13.50.141.112:443 -> 192.168.2.4:50914
Source: Network traffic	Suricata IDS: 2037083 - Severity 1 - ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) : 13.50.141.112:443 -> 192.168.2.4:50971

Source: global traffic

TCP traffic: 192.168.2.4:50511 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04 HTTP/1.1Host: www.cyderes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /events/public/v1/encoded/track/tc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04?_ud=28cdcd9f-4952-4113-9730-b18c8709f120&_jss=1&_fl=8&_pl=5&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1280,1024 HTTP/1.1Host: www.cyderes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=KkZwfeAeRB9T3Ybkgxb1ljk89rKhWegExK7sV_biT_0-1726835342-1.0.1.1-ihP7Soyii0PDzt6vpGoSYPfB0PMbdsMPRtae1IWyYeWBRU_sHMhGQIMDu1.2XR6Lhv0v9.S2ib6GUzgGRjIQow; __cfruid=1e21363c4ffbf205a55d4495409a89a07e4b73c5-1726835342
Source: global traffic	HTTP traffic detected: GET /blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email HTTP/1.1Host: www.huntress.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /npm/slick-carousel@1.8.1/slick/slick.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/medium-zoom@1.0.3/dist/medium-zoom.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-richtext@1/richtext.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66abcfee331da80089b29d7e_Huntress%20Logo%20Wide%20Teal.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/js/huntress-new.28c3b280d.js HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rich-text-enhancer/bundle.v1.0.0.js HTTP/1.1Host: tools.refokus.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3911692.js HTTP/1.1Host: js.hs-scripts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gleeda/7d3165787015692aec4d2aad740ab8fe.js HTTP/1.1Host: gist.github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/slick-carousel@1.8.1/slick/slick.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66abcfee331da80089b29d7e_Huntress%20Logo%20Wide%20Teal.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rich-text-enhancer/bundle.v1.0.0.js HTTP/1.1Host: tools.refokus.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3911692.js HTTP/1.1Host: js.hs-scripts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /us1/v5/datadog-rum.js HTTP/1.1Host: www.datadoghq-browser-agent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/1726835400000/5d3cypit2iz8.js HTTP/1.1Host: js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/gist-embed-38aeddf8d15a.css HTTP/1.1Host: github.githubassets.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/js/huntress-new.28c3b280d.js HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gleeda/7d3165787015692aec4d2aad740ab8fe.js HTTP/1.1Host: gist.github.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yBEfx9g2KQU_7gC1nQg6KooRMNo04vFs1ifPF6jT0n6r4w0SZAd9fd5olhmUACBtCzTKgcB4_cTsAwdFPOcqi1EKiAeOCNkiYXMbTYFUgVNlXkA_YNsqmR84gUmAr0CZKGM0HE7qSitXg4ZgvI.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3_24_2_kzhk9kjvjzpzdnk61lg3.js HTTP/1.1Host: static.huntresscdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives-embed.js HTTP/1.1Host: js.hubspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /leadflows.js HTTP/1.1Host: js.hsleadflows.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/1726835100000/3911692.js HTTP/1.1Host: js.hs-analytics.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3911692.js HTTP/1.1Host: js.hs-banner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fb.js HTTP/1.1Host: js.hsadspixel.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collectedforms.js HTTP/1.1Host: js.hscollectedforms.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=yya36n8lxzog HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/pixel.js HTTP/1.1Host: www.redditstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-2159185.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: cta-service-cms2.hubspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collected-forms/v1/config/json?portalId=3911692&utk= HTTP/1.1Host: forms.hscollectedforms.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widget/dist/NeverBounce.js HTTP/1.1Host: cdn.neverbounce.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ping.min.js HTTP/1.1Host: pixel.byspotify.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%2520EMDR%2520Intelligence%2520Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email&e= HTTP/1.1Host: tracking.g2crowd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /events.js HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry HTTP/1.1Host: www.redditstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pixels/t2_12z44i/config HTTP/1.1Host: pixel-config.reddit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-GCTMBVFESS&gacid=802109752.1726835353&gtm=45je49j0v9122196611z89171248136za200zb9171248136&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421&z=1522092947 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rp.gif?ts=1726835352270&id=t2_12z44i&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=817e47f3-3def-4930-9b06-a0005d41eba1&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_e9773deb&dpm=&dpcc=&dprc= HTTP/1.1Host: alb.reddit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embed/v3/counters.gif?key=config-loaded-success&value=1 HTTP/1.1Host: perf-na1.hsforms.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2 HTTP/1.1Host: forms.hsforms.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yBEfx9g2KQU_7gC1nQg6KooRMNo04vFs1ifPF6jT0n6r4w0SZAd9fd5olhmUACBtCzTKgcB4_cTsAwdFPOcqi1EKiAeOCNkiYXMbTYFUgVNlXkA_YNsqmR84gUmAr0CZKGM0HE7qSitXg4ZgvI.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fb.js HTTP/1.1Host: js.hsadspixel.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3_24_2_kzhk9kjvjzpzdnk61lg3.js HTTP/1.1Host: static.huntresscdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives-embed.js HTTP/1.1Host: js.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /leadflows.js HTTP/1.1Host: js.hsleadflows.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/1726835100000/3911692.js HTTP/1.1Host: js.hs-analytics.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collectedforms.js HTTP/1.1Host: js.hscollectedforms.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3911692.js HTTP/1.1Host: js.hs-banner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/pixel.js HTTP/1.1Host: www.redditstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /us1/v5/datadog-rum.js HTTP/1.1Host: www.datadoghq-browser-agent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/1726835400000/5d3cypit2iz8.js HTTP/1.1Host: js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sa.css HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&t=Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress&tip=EdLJ8wtMAAZjrQjdUHdYQjeX1-gsKyUY41w1YDIrVrc&host=https%3A%2F%2Fwww.huntress.com&l_src=&l_src_d=&u_src=hs_email&u_src_d=2024-09-20T12%3A29%3A14.958Z&shop=false&sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw&sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo&sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /sa.jpeg HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/187135658.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /signals/config/403957864408442?v=2.9.167&r=stable&domain=www.huntress.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/t3bQSayBNZay3AlGqfTWX-kXKQVLgnR7Ylzfc1IrTxc.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=yya36n8lxzogAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4f26952d-2a31-4087-afd0-8204d6df9832&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=daf947f7-18a2-44e3-9bf3-3ce82a5c298c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4f26952d-2a31-4087-afd0-8204d6df9832&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=daf947f7-18a2-44e3-9bf3-3ce82a5c298c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_567032 HTTP/1.1Host: api.neverbounce.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /modules.0721e7cf944cf9d78a0b.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry HTTP/1.1Host: www.redditstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collected-forms/v1/config/json?portalId=3911692&utk= HTTP/1.1Host: forms.hscollectedforms.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: cta-service-cms2.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /action/0?ti=187135658&Ver=2&mid=cb6bc014-c188-4332-9eca-25b6791c6740&sid=f3f1cd40774b11ef8c236b760e7c7256&vid=f3f2c300774b11efada401c2fdee9d80&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&r=&lt=9693&evt=pageLoad&sv=1&cdb=AQAQ&rn=898361 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /ping.min.js HTTP/1.1Host: pixel.byspotify.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%2520EMDR%2520Intelligence%2520Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email&e= HTTP/1.1Host: tracking.g2crowd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=sYnno6Exr4ULsoo4qxaPykw.usUpdQsfQs1Hxr9QuOk-1726835355-1.0.1.1-QZbaa..IfeHX7iIOZ0sRUZUE0fNUFe8IFhv4zZeWB1H8lXY4cpR59P3UdxVsNr9uDUY_GVnh2ovadjMzQWMF4A
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=yya36n8lxzogAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a/gif.gif?actTypeId=31&cid=17715818&r=1726835354763&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&version=2.4 HTTP/1.1Host: ibc-flow.techtarget.comConnection: keep-aliveibc_rate_tier: 17715818sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widget/dist/NeverBounce.js HTTP/1.1Host: cdn.neverbounce.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /events.js HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /c/hotjar-2159185.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2 HTTP/1.1Host: forms.hsforms.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=kw7a54PKmOoyTHlYMczA4UQhqk0VkawKjpHJieRlyOg-1726835357-1.0.1.1-50XuMmnxDipENnxkNr6CF67zOg7ivkQakljNfouZroBz.Rx00N5Be86aGD3LoWjBKAIJeu9xSSUon9FC5pswPQ; _cfuvid=MhPxD.t5a.s6O381J.rDJPFirRLuGmKh6biQ6yC83Ps-1726835357354-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /pixels/t2_12z44i/config HTTP/1.1Host: pixel-config.reddit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /embed/v3/counters.gif?key=config-loaded-success&value=1 HTTP/1.1Host: perf-na1.hsforms.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=kw7a54PKmOoyTHlYMczA4UQhqk0VkawKjpHJieRlyOg-1726835357-1.0.1.1-50XuMmnxDipENnxkNr6CF67zOg7ivkQakljNfouZroBz.Rx00N5Be86aGD3LoWjBKAIJeu9xSSUon9FC5pswPQ; _cfuvid=MhPxD.t5a.s6O381J.rDJPFirRLuGmKh6biQ6yC83Ps-1726835357354-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /getuidj HTTP/1.1Host: secure.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835358399&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835358399&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: not-navigation-source, trigger, event-sourceReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rp.gif?ts=1726835352270&id=t2_12z44i&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=817e47f3-3def-4930-9b06-a0005d41eba1&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_e9773deb&dpm=&dpcc=&dprc= HTTP/1.1Host: alb.reddit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4f26952d-2a31-4087-afd0-8204d6df9832&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=daf947f7-18a2-44e3-9bf3-3ce82a5c298c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=05132678-e7b1-4701-b864-66f5b78b3c42; __cf_bm=4To780TRpV.vS99OlTsuo_.9XkOZuSiVrEK9Z26CY_0-1726835358-1.0.1.1-zRrZR4yVPsEtrblTpk.k40CMY0uznfgbiQyXyDy5bfhTPiQWVWZNTDj5Vv7ok8tItEB9rEnn6ETV_hGN1WSLVA
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/187135658.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MR=0
Source: global traffic	HTTP traffic detected: GET /v1/ingest HTTP/1.1Host: pixels.spotify.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4f26952d-2a31-4087-afd0-8204d6df9832&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=daf947f7-18a2-44e3-9bf3-3ce82a5c298c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: guest_id_marketing=v1%3A172683535853486226; guest_id_ads=v1%3A172683535853486226; personalization_id="v1_fY3Bce5v/Rs00ev+LxzE8w=="; guest_id=v1%3A172683535853486226
Source: global traffic	HTTP traffic detected: GET /js/bg/t3bQSayBNZay3AlGqfTWX-kXKQVLgnR7Ylzfc1IrTxc.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&t=Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress&tip=EdLJ8wtMAAZjrQjdUHdYQjeX1-gsKyUY41w1YDIrVrc&host=https%3A%2F%2Fwww.huntress.com&l_src=&l_src_d=&u_src=hs_email&u_src_d=2024-09-20T12%3A29%3A14.958Z&shop=false&sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw&sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo&sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /sa.jpeg HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_567032 HTTP/1.1Host: api.neverbounce.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a/gif.gif?actTypeId=31&cid=17715818&r=1726835354763&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&version=2.4 HTTP/1.1Host: ibc-flow.techtarget.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=z5ATAeghYXQscaur.ko6LBOj8iVb0E4ErVdYaGvtU64-1726835355-1.0.1.1-SXNa208dIRPuxtaoWVpz67RlwXNZ46gjdgZ0IY6Sn6_ZPzhTetfuv3S2By7FIrDktLjTDNDXYdlFIBwTltwGcQ
Source: global traffic	HTTP traffic detected: GET /signals/config/403957864408442?v=2.9.167&r=stable&domain=www.huntress.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /modules.0721e7cf944cf9d78a0b.js HTTP/1.1Host: script.hotjar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuidj HTTP/1.1Host: secure.adnxs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835358399&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835358399&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lead-flows-config/v1/config/json?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: forms.hubspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lead-flows-config/v1/config/json?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: forms.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /js_tracking?url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software&uid=yZKscIIzalsoNin7qAYxQw&v=1&host=https%3A%2F%2Fwww.huntress.com&l_src=&l_src_d=&u_src=hs_email&u_src_d=2024-09-20T12%3A29%3A14.958Z&shop=false HTTP/1.1Host: tags.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id=s%3A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%2BnIDtZVp3vzenSYI; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v2=s%3ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw; sa-user-id-v3=s%3AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%2BOtibvooVqq7ObUEv5%2BSNuwF%2BSNTLTHw
Source: global traffic	HTTP traffic detected: GET /zi-tag.js HTTP/1.1Host: js.zi-scripts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&t=Cracks+in+the+Foundation%3A+Intrusions+of+FOUNDATION+Accounting+Software+%7C+Huntress&cts=1726835369872&vi=e7b8316db2e32b920a737d5d0e9995fd&nc=true&ce=false&pt=1&cc=0 HTTP/1.1Host: track.hubspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /zi-tag.js HTTP/1.1Host: js.zi-scripts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&t=Cracks+in+the+Foundation%3A+Intrusions+of+FOUNDATION+Accounting+Software+%7C+Huntress&cts=1726835369872&vi=e7b8316db2e32b920a737d5d0e9995fd&nc=true&ce=false&pt=1&cc=0 HTTP/1.1Host: track.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /com.snowplowanalytics.snowplow/tp2 HTTP/1.1Host: t.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835370..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.2; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c
Source: global traffic	HTTP traffic detected: GET /unified/v1/master/getSubscriptions HTTP/1.1Host: js.zi-scripts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"Content-Type: application/jsonsec-ch-ua-mobile: ?0Authorization: Bearer 5880e3e5891679926699User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36visited_url: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_emailAccept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /unified/v1/master/getSubscriptions HTTP/1.1Host: js.zi-scripts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2 HTTP/1.1Host: webhooks.fivetran.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pixel/62f67a71a4cf97008ef6d460/?iszitag=true HTTP/1.1Host: ws.zoominfo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/javascriptvisited-url: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email_vtok: OC40Ni4xMjMuMzM=_zitok: c59f3dabf15c2190f28e1726835373sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/?id=403957864408442&ev=SubscribedButtonClick&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835372587&cd[buttonFeatures]=%7B%22classList%22%3A%22%22%2C%22destination%22%3A%22%22%2C%22id%22%3A%22hs-en-cookie-confirmation-buttons-area%22%2C%22imageUrl%22%3A%22%22%2C%22innerText%22%3A%22Accept%5CnDecline%22%2C%22numChildButtons%22%3A3%2C%22tag%22%3A%22div%22%2C%22type%22%3Anull%7D&cd[buttonText]=Accept%0ADecline&cd[formFeatures]=%5B%5D&cd[pageFeatures]=%7B%22title%22%3A%22Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress%22%7D&cd[parameters]=%5B%5D&sw=1280&sh=1024&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&es=automatic&tm=3&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=403957864408442&ev=SubscribedButtonClick&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835372587&cd[buttonFeatures]=%7B%22classList%22%3A%22%22%2C%22destination%22%3A%22%22%2C%22id%22%3A%22hs-en-cookie-confirmation-buttons-area%22%2C%22imageUrl%22%3A%22%22%2C%22innerText%22%3A%22Accept%5CnDecline%22%2C%22numChildButtons%22%3A3%2C%22tag%22%3A%22div%22%2C%22type%22%3Anull%7D&cd[buttonText]=Accept%0ADecline&cd[formFeatures]=%5B%5D&cd[pageFeatures]=%7B%22title%22%3A%22Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress%22%7D&cd[parameters]=%5B%5D&sw=1280&sh=1024&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&es=automatic&tm=3&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: trigger=navigation-source, event-sourceReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pixel/62f67a71a4cf97008ef6d460/?iszitag=true HTTP/1.1Host: ws.zoominfo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=mdJ4ZkOM50BCbDNEloZIoEn8Ve94aTg4K8wEjRTrAz0-1726835374-1.0.1.1-1A_nkRjWJ3MG9GfKK5q6RtVynjAv25NXoF71F8ctNLctJtjAvcf55nEP0WnZHr4RhEhXYCkvG40RumpIccp.6g; _cfuvid=J.B0J.468L.9BJ8qt5O.wNhQJEjtoQscsY5FlKPHW0c-1726835374842-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /tr/?id=403957864408442&ev=SubscribedButtonClick&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835372587&cd[buttonFeatures]=%7B%22classList%22%3A%22%22%2C%22destination%22%3A%22%22%2C%22id%22%3A%22hs-en-cookie-confirmation-buttons-area%22%2C%22imageUrl%22%3A%22%22%2C%22innerText%22%3A%22Accept%5CnDecline%22%2C%22numChildButtons%22%3A3%2C%22tag%22%3A%22div%22%2C%22type%22%3Anull%7D&cd[buttonText]=Accept%0ADecline&cd[formFeatures]=%5B%5D&cd[pageFeatures]=%7B%22title%22%3A%22Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress%22%7D&cd[parameters]=%5B%5D&sw=1280&sh=1024&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&es=automatic&tm=3&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=403957864408442&ev=SubscribedButtonClick&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&rl=&if=false&ts=1726835372587&cd[buttonFeatures]=%7B%22classList%22%3A%22%22%2C%22destination%22%3A%22%22%2C%22id%22%3A%22hs-en-cookie-confirmation-buttons-area%22%2C%22imageUrl%22%3A%22%22%2C%22innerText%22%3A%22Accept%5CnDecline%22%2C%22numChildButtons%22%3A3%2C%22tag%22%3A%22div%22%2C%22type%22%3Anull%7D&cd[buttonText]=Accept%0ADecline&cd[formFeatures]=%5B%5D&cd[pageFeatures]=%7B%22title%22%3A%22Cracks%20in%20the%20Foundation%3A%20Intrusions%20of%20FOUNDATION%20Accounting%20Software%20%7C%20Huntress%22%7D&cd[parameters]=%5B%5D&sw=1280&sh=1024&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835354947&coo=false&es=automatic&tm=3&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835374650&i=gtm&dwt=4775&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835374650&i=gtm&dwt=4775&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets/css/cookie-notice.css?ver=3.4.19 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/style.css?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/framework/dist/css/site/stacks/integrity-light.css?ver=6.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro-child/style.css?ver=6.5.7.1724669600 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/searchwp/assets/css/frontend/search-forms.css?ver=4.3.16 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835375916&i=gtm&dwt=8&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro-child/scripts.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4.1680526300 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/web-components.esm.js?ver=1726113917 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/fonts/fa-solid-900.woff2?ver=6.5.2 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/fonts/fa-regular-400.woff2?ver=6.5.2 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/iframe-resizer/4.2.11/iframeResizer.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/fsl-logo.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/09/ConstructionHeader-V2-3-compressed.jpg HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/02/64303163-0-2023-05-ATT-Mobile-p.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/07/WhyFoundationSection-compressed.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835375916&i=gtm&dwt=8&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro-child/scripts.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4.1680526300 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/web-components.esm.js?ver=1726113917 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/iframe-resizer/4.2.11/iframeResizer.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/fonts/fa-brands-400.woff2?ver=6.5.2 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /l/970183/2022-10-11/2cxrl HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /l/970183/2022-10-06/2c3zl HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/fsl-logo.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/js/site/cs-classic.7.5.7.js?ver=7.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/09/ConstructionHeader-V2-3-compressed.jpg HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/07/WhyFoundationSection-compressed.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/02/64303163-0-2023-05-ATT-Mobile-p.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /l/970183/2022-10-11/2cxrl HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/form.css?ver=2021-09-20 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /js/piUtils.js?ver=2021-09-20 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MR=0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets/js/cookie-notice-front.js?ver=3.4.19 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/framework/dist/js/site/x.js?ver=6.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/js/site/cs-accordion.7.5.7.js?ver=7.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/js/site/cs-sliders.7.5.7.js?ver=7.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5297 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-06/2c3zlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /javascript/highlight.js HTTP/1.1Host: cdn.schemaapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5360 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/p-43f79dfb.js HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/p-e1255160.js HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.foundationsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/comment-reply.min.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/js/site/cs-accordion.7.5.7.js?ver=7.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5360 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets/js/cookie-notice-front.js?ver=3.4.19 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5297 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5360 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /js/piUtils.js?ver=2021-09-20 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/cornerstone/assets/js/site/cs-sliders.7.5.7.js?ver=7.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/04/2nd-Section.jpg HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/04/p4c-logo.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/pro/framework/dist/js/site/x.js?ver=6.5.7 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/iframe-resizer/4.2.11/iframeResizer.contentWindow.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-2150031.js?sv=7 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/05/workmax-hover-1536x342.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-S26LX9DYQD&gacid=1755879698.1726835380&gtm=45je49j0v869536148z878376671za200zb78376671&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=991962348 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/08/SafetyHQ-Logo.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/p-e1255160.js HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /dcjs/970183/558/dc.js?asset_type=form&asset_id=5360 HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/presto-player/dist/components/web-components/p-43f79dfb.js HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/comment-reply.min.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/04/p4c-logo.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/04/2nd-Section.jpg HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /ajax/libs/iframe-resizer/4.2.11/iframeResizer.contentWindow.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /javascript/highlight.js HTTP/1.1Host: cdn.schemaapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdnr/94/acton/bn/tracker/17367 HTTP/1.1Host: info.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /p/action/5740310.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MR=0
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/05/workmax-hover-1536x342.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /c/hotjar-2150031.js?sv=7 HTTP/1.1Host: static.hotjar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bbbcf811d8437a575d796a4c1e5d4fad"If-Modified-Since: Tue, 26 Mar 2024 20:58:07 GMT
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=b1bcdb4a-20c4-4018-8f69-9ae3e4c1e79e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66ca7fd3-6b8c-4e97-9b70-221f6b4586bd&tw_document_href=https%3A%2F%2Fwww.foundationsoft.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzica&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=05132678-e7b1-4701-b864-66f5b78b3c42; __cf_bm=4To780TRpV.vS99OlTsuo_.9XkOZuSiVrEK9Z26CY_0-1726835358-1.0.1.1-zRrZR4yVPsEtrblTpk.k40CMY0uznfgbiQyXyDy5bfhTPiQWVWZNTDj5Vv7ok8tItEB9rEnn6ETV_hGN1WSLVA
Source: global traffic	HTTP traffic detected: GET /com.snowplowanalytics.snowplow/tp2 HTTP/1.1Host: t.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835380..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4
Source: global traffic	HTTP traffic detected: GET /modules.0721e7cf944cf9d78a0b.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=b1bcdb4a-20c4-4018-8f69-9ae3e4c1e79e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66ca7fd3-6b8c-4e97-9b70-221f6b4586bd&tw_document_href=https%3A%2F%2Fwww.foundationsoft.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzica&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: guest_id_marketing=v1%3A172683535853486226; guest_id_ads=v1%3A172683535853486226; personalization_id="v1_fY3Bce5v/Rs00ev+LxzE8w=="; guest_id=v1%3A172683535853486226
Source: global traffic	HTTP traffic detected: GET /td/rul/1072600148?random=1726835380865&cv=11&fst=1726835380865&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49j0v868615713z878376671za201zb78376671&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.foundationsoft.com%2F&hn=www.googleadservices.com&frm=0&tiba=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&npa=0&pscdl=noapi&auid=1327568034.1726835378&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/08/SafetyHQ-Logo.webp HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga=GA1.1.1755879698.1726835380; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0
Source: global traffic	HTTP traffic detected: GET /action/0?ti=5740310&tm=gtm002&Ver=2&mid=f5b4423b-545f-4fdc-838d-56ad636fd170&sid=024628b0774c11efb170275a5f1ff82f&vid=02463e70774c11ef8a0619cbd0a972f9&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&p=https%3A%2F%2Fwww.foundationsoft.com%2F&r=&lt=5449&evt=pageLoad&sv=1&cdb=AQAA&rn=980122 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MR=0
Source: global traffic	HTTP traffic detected: GET /p/action/5740310.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MR=0
Source: global traffic	HTTP traffic detected: GET /pagead/viewthroughconversion/1072600148/?random=1726835380865&cv=11&fst=1726835380865&bg=ffffff&guid=ON&async=1&gtm=45be49j0v868615713z878376671za201zb78376671&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.foundationsoft.com%2F&hn=www.googleadservices.com&frm=0&tiba=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&npa=0&pscdl=noapi&auid=1327568034.1726835378&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlpzIjr-7VIIrf-0-WV127xY26qDVbNIuqhuRJe7zi5Jh67nYagqHenXAR-
Source: global traffic	HTTP traffic detected: GET /signals/config/347646367428939?v=2.9.167&r=stable&domain=www.foundationsoft.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /highlighter/prod/FoundationSoftware/FoundationSoftware1/v2/aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29t HTTP/1.1Host: cdn.schemaapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonx-account-id: FoundationSoftware/FoundationSoftware1sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.foundationsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9oZWxsby5mb3VuZGF0aW9uc29mdC5jb206NDQz&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=5qjg13nelqok HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9oZWxsby5mb3VuZGF0aW9uc29mdC5jb206NDQz&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=dz5us94o35s1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=b1bcdb4a-20c4-4018-8f69-9ae3e4c1e79e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66ca7fd3-6b8c-4e97-9b70-221f6b4586bd&tw_document_href=https%3A%2F%2Fwww.foundationsoft.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzica&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=05132678-e7b1-4701-b864-66f5b78b3c42; __cf_bm=4To780TRpV.vS99OlTsuo_.9XkOZuSiVrEK9Z26CY_0-1726835358-1.0.1.1-zRrZR4yVPsEtrblTpk.k40CMY0uznfgbiQyXyDy5bfhTPiQWVWZNTDj5Vv7ok8tItEB9rEnn6ETV_hGN1WSLVA
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9oZWxsby5mb3VuZGF0aW9uc29mdC5jb206NDQz&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=rml808mevu76 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4 HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
Source: global traffic	HTTP traffic detected: GET /FoundationSoftware/FoundationSoftware1/aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29tLw HTTP/1.1Host: data.schemaapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonx-account-id: FoundationSoftware/FoundationSoftware1sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.foundationsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=b1bcdb4a-20c4-4018-8f69-9ae3e4c1e79e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66ca7fd3-6b8c-4e97-9b70-221f6b4586bd&tw_document_href=https%3A%2F%2Fwww.foundationsoft.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzica&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: guest_id_marketing=v1%3A172683535853486226; guest_id_ads=v1%3A172683535853486226; personalization_id="v1_fY3Bce5v/Rs00ev+LxzE8w=="; guest_id=v1%3A172683535853486226
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=7&site_id=2150031 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://www.foundationsoft.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Kgp2nFEGuJRhfNzuYUgKbQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /pagead/1p-user-list/1072600148/?random=1726835380865&cv=11&fst=1726833600000&bg=ffffff&guid=ON&async=1&gtm=45be49j0v868615713z878376671za201zb78376671&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.foundationsoft.com%2F&hn=www.googleadservices.com&frm=0&tiba=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&npa=0&pscdl=noapi&auid=1327568034.1726835378&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJsjAqrUzF_1z5e5XMCafD0fPo8HLglmCms9ePNiJnkuDa3IR&random=1223636476&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2 HTTP/1.1Host: webhooks.fivetran.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/viewthroughconversion/1072600148/?random=1726835380865&cv=11&fst=1726835380865&bg=ffffff&guid=ON&async=1&gtm=45be49j0v868615713z878376671za201zb78376671&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.foundationsoft.com%2F&hn=www.googleadservices.com&frm=0&tiba=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&npa=0&pscdl=noapi&auid=1327568034.1726835378&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkVw5RGLc2q89x7ihwhM-m5faLgJ9_jFnEwcxLR_EBykyPkk6QV64U87AkH
Source: global traffic	HTTP traffic detected: GET /tr/?id=347646367428939&ev=PageView&dl=https%3A%2F%2Fwww.foundationsoft.com%2F&rl=&if=false&ts=1726835382603&sw=1280&sh=1024&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1726835382602.901974263764085373&ler=empty&cdl=API_unavailable&it=1726835381310&coo=false&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=347646367428939&ev=PageView&dl=https%3A%2F%2Fwww.foundationsoft.com%2F&rl=&if=false&ts=1726835382603&sw=1280&sh=1024&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1726835382602.901974263764085373&ler=empty&cdl=API_unavailable&it=1726835381310&coo=false&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: trigger, event-sourceReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signals/config/347646367428939?v=2.9.167&r=stable&domain=www.foundationsoft.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /highlighter/prod/FoundationSoftware/FoundationSoftware1/v2/aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29t HTTP/1.1Host: cdn.schemaapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9oZWxsby5mb3VuZGF0aW9uc29mdC5jb206NDQz&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=dz5us94o35s1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/t3bQSayBNZay3AlGqfTWX-kXKQVLgnR7Ylzfc1IrTxc.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9oZWxsby5mb3VuZGF0aW9uc29mdC5jb206NDQz&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&cb=dz5us94o35s1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?site_id=2150031&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/1p-user-list/1072600148/?random=1726835380865&cv=11&fst=1726833600000&bg=ffffff&guid=ON&async=1&gtm=45be49j0v868615713z878376671za201zb78376671&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.foundationsoft.com%2F&hn=www.googleadservices.com&frm=0&tiba=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&npa=0&pscdl=noapi&auid=1327568034.1726835378&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJsjAqrUzF_1z5e5XMCafD0fPo8HLglmCms9ePNiJnkuDa3IR&random=1223636476&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tr/?id=347646367428939&ev=PageView&dl=https%3A%2F%2Fwww.foundationsoft.com%2F&rl=&if=false&ts=1726835382603&sw=1280&sh=1024&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1726835382602.901974263764085373&ler=empty&cdl=API_unavailable&it=1726835381310&coo=false&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=347646367428939&ev=PageView&dl=https%3A%2F%2Fwww.foundationsoft.com%2F&rl=&if=false&ts=1726835382603&sw=1280&sh=1024&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1726835382602.901974263764085373&ler=empty&cdl=API_unavailable&it=1726835381310&coo=false&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /FoundationSoftware/FoundationSoftware1/aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29tLw HTTP/1.1Host: data.schemaapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pd.js HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/05/cropped-chevron-icon-32x32.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146571&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-11%2F2cxrl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146556&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-06%2F2c3zl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-06/2c3zlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146436&account_id=971183&title=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&url=https%3A%2F%2Fwww.foundationsoft.com%2F&referrer= HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /pd.js HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/05/cropped-chevron-icon-32x32.png HTTP/1.1Host: www.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /core/assets/js/runtime~main.23dacaf3.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://rc-widget-frame.js.driftt.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/9.4a3e9801.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://rc-widget-frame.js.driftt.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146571&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-11%2F2cxrl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146571&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-11%2F2cxrl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146556&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-06%2F2c3zl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373
Source: global traffic	HTTP traffic detected: GET /analytics?conly=true&visitor_id=313668642&visitor_id_sign=b069f543db16259c3cfd994c855a51d87936a452ddeaf0ba3be58cb6697f32b5c2449dfeb6e49280b577d65e115faae086148a09&pi_opt_in=&campaign_id=146436&account_id=971183&title=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20\|%20Foundation%20Software&url=https://www.foundationsoft.com/&referrer= HTTP/1.1Host: pi.pardot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=7&site_id=2150031 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://www.foundationsoft.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: WC1qEz2EUnKniFD0+IcZ7Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146436&account_id=971183&title=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20%7C%20Foundation%20Software&url=https%3A%2F%2Fwww.foundationsoft.com%2F&referrer= HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373; visitor_id970183=313668642; visitor_id970183-hash=b069f543db16259c3cfd994c855a51d87936a452ddeaf0ba3be58cb6697f32b5c2449dfeb6e49280b577d65e115faae086148a09; lpv970183=aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29tLw%3D%3D
Source: global traffic	HTTP traffic detected: GET /core/assets/js/main~493df0b3.91dc5a14.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://rc-widget-frame.js.driftt.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=146571&account_id=971183&title=&url=https%3A%2F%2Fhello.foundationsoft.com%2Fl%2F970183%2F2022-10-11%2F2cxrl&referrer=https%3A%2F%2Fwww.foundationsoft.com%2F HTTP/1.1Host: hello.foundationsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1327568034.1726835378; _ga_S26LX9DYQD=GS1.1.1726835379.1.0.1726835379.60.0.0; _ga_H9W8D4RX40=GS1.1.1726835380.1.0.1726835380.0.0.0; _uetsid=024628b0774c11efb170275a5f1ff82f; _uetvid=02463e70774c11ef8a0619cbd0a972f9; _ga=GA1.2.1755879698.1726835380; _gid=GA1.2.1612450582.1726835382; _gat_UA-30919619-1=1; _hjSessionUser_2150031=eyJpZCI6ImNhZDc1YWZmLWE1M2YtNTZiNi1iN2I3LTgyM2FkMzc1OTEyMCIsImNyZWF0ZWQiOjE3MjY4MzUzODIwOTYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2150031=eyJpZCI6IjExMjczNjUyLWZmNjAtNGMyMy1hNTAxLWVkYjY1ZTNlZDdjNiIsImMiOjE3MjY4MzUzODIwOTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _fbp=fb.1.1726835382602.901974263764085373; visitor_id970183=313668642; visitor_id970183-hash=b069f543db16259c3cfd994c855a51d87936a452ddeaf0ba3be58cb6697f32b5c2449dfeb6e49280b577d65e115faae086148a09; lpv970183=aHR0cHM6Ly93d3cuZm91bmRhdGlvbnNvZnQuY29tLw%3D%3D
Source: global traffic	HTTP traffic detected: GET /analytics?conly=true&visitor_id=313668642&visitor_id_sign=b069f543db16259c3cfd994c855a51d87936a452ddeaf0ba3be58cb6697f32b5c2449dfeb6e49280b577d65e115faae086148a09&pi_opt_in=&campaign_id=146436&account_id=971183&title=Construction%20Accounting%20Software%20by%20FOUNDATION%C2%AE%20\|%20Foundation%20Software&url=https://www.foundationsoft.com/&referrer= HTTP/1.1Host: pi.pardot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visitor_id970183=313668642; visitor_id970183-hash=b069f543db16259c3cfd994c855a51d87936a452ddeaf0ba3be58cb6697f32b5c2449dfeb6e49280b577d65e115faae086148a09
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/runtime~main.23dacaf3.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/9.4a3e9801.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/main~493df0b3.91dc5a14.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/51.558be3c5.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/33.ae4de0a0.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog-categories/response-to-incidents HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835380..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836275907
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hello.foundationsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/css/8.98b34517.chunk.css HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/css/16.22abfce0.chunk.css HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/51.558be3c5.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/33.ae4de0a0.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmsload@1/cmsload.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/22.6b9a301a.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmsnest@1/cmsnest.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-animation@1/animation.esm.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65dcd9aad5690d38a312f5c4_Blog-SlashAndGrab-the-ConnectWise-ScreenConnect-vulnerabilities-explained-p-500.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/66e88ae0334c01ef01d7b9c6_100m-arr-blog-thumbnail-2%20(1)-p-500.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2 HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7a_Blog%20glitch%20right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/19.6f85b843.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a93_Blog%20filter%20gradient.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog-categories/response-to-incidents?301e1821_page=2 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835380..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836275907
Source: global traffic	HTTP traffic detected: GET /include/1726835400000/5d3cypit2iz8.js HTTP/1.1Host: js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "576cdc1c0941a520c47b54aef3b463f7"If-Modified-Since: Mon, 21 Aug 2023 14:57:31 GMT
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=EGbODne6buzpTnWrrBprcfAY&theme=dark&size=compact&cb=fi5vsevzfu7t HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/41.b4fc4de2.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a85_Filter%20Glitch%20Top%20Mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7e_Blog%20glitch%20listing%20right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a55_Gated%20glitch%20banner%20mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d91c17bbf42843c2ab615d_Blog-Think-your-ScreenConnect-server-is-hacked_v1%20(1).jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d8f499ba3251bdb3e67c42_Blog-SlashAndGrab-ScreenConnect-Post-Exploitation-in-the-wild-p-500.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d56cefb34458516918d259_Rapid%20Response%202-p-500.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=7&site_id=2150031 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://www.foundationsoft.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: QKruN7guoQ/jtGg3BQwsbA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /leadflows.js HTTP/1.1Host: js.hsleadflows.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"7d65c542c3a53442feef1a0f44071183"If-Modified-Since: Thu, 12 Sep 2024 08:49:54 UTC
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmscore@1/cmscore.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.huntress.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents HTTP/1.1Host: cta-service-cms2.hubspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained-2 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/how-to-know-if-your-screenconnect-server-is-hacked HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835397496&i=gtm&dwt=11&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /core/assets/js/20.8c21ea18.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835398038&i=gtm&dwt=9&ive=webkitHidden HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/27.3951aad8.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/14.e24a6190.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/11.639238ba.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ac3_Close%20Icon.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d2969e1_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655ddcc107aef728354e9c2a/655ddcc107aef728354e9cba_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f42186bd038ff65c2901_managed-edr%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/18.9c1bd1fb.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f58dee0405731067e1bb_hsat.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/49.f7274268.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29698f_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/detection-guidance-for-connectwise-cwe-288-2 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/rapid-response-trickboot HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/critical-vulnerability-exploitation-of-apache-activemq-cve-2023-46604 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66b0e0ae56c636b679619a00_MDRforM365%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66b0e0941952090c965c0771_Managed%20SIEM%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bc11cbdfd171e4de042009_Platform%20Nav%20Image.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd4618974812a59c9e95d9_Managed%20EDR%201%20(2).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ab1_Icon-HSAT-White.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f6a6428feb6a848b9886_msp.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/40.31ef8dbf.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/29.31d09948.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/21.b8c41db9.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/8.5fdda827.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/16.890a0911.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/24.24e43c3b.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f6ed63c32a0963f64190_reseller.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f74703df956c64c182bd_business-it-teams%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmsload@1/cmsload.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f85803df956c64c29612_success-stories%20(2).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f7e1e53239ee83da1446_soc%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd01d4c0f3634790afea77_Managed%20EDR%201.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ab2_Icon-EDR-White.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/critical-vulnerability-printnightmare-exposes-windows-servers-to-remote-code-execution HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog-categories/response-to-incidents?301e1821_page=3 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/investigating-unauthorized-access-huntress-qa-environment-incident HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /core/assets/js/22.6b9a301a.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/critical-rce-vulnerability-log4j-cve-2021-44228 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835397496&i=gtm&dwt=11&ive=blur HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd01d451643bcc8140096e_IT%20Business%20Owner%201.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835398038&i=gtm&dwt=9&ive=webkitHidden HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives-embed.js HTTP/1.1Host: js.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000If-None-Match: W/"edf91c1320ba2916398ed791b63187bc"If-Modified-Since: Wed, 28 Aug 2024 20:01:26 UTC
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd01d41aac1d9f234e41ca_Managed%20EDR%203.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmsnest@1/cmsnest.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7a_Blog%20glitch%20right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents HTTP/1.1Host: cta-service-cms2.hubspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=yDTqM.QV_yon5q0wCQwxmm_SMsU9tC.R.bzgeueScyM-1726835357-1.0.1.1-Jm09yUDqJRDaZUBlOBhE7GuqHlpUbXtHk3D1jryOgT2WG97SIcQQKTRs7P0Kps8yh7MI_4q3Sbntjy6ysFL5aQ; _cfuvid=7Kr9.OpOE3xOMKgFNycrVxwF3RIEUG.pXAjb7_zSC.w-1726835357756-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65dcd9aad5690d38a312f5c4_Blog-SlashAndGrab-the-ConnectWise-ScreenConnect-vulnerabilities-explained-p-500.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd01d4a30f479eabb0011a_M365%203.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644e7fbb21af831cdb00ec6_chat-bubble%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/66e88ae0334c01ef01d7b9c6_100m-arr-blog-thumbnail-2%20(1)-p-500.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-animation@1/animation.esm.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3911692.js HTTP/1.1Host: js.hs-scripts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Fri, 20 Sep 2024 12:27:35 GMT
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a93_Blog%20filter%20gradient.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f34cd010502d85a6afc0_calendar%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@finsweet/attributes-cmscore@1/cmscore.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/17.413337a8.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a55_Gated%20glitch%20banner%20mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f36bcdd664ac55be1293_checklist%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a85_Filter%20Glitch%20Top%20Mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /leadflows.js HTTP/1.1Host: js.hsleadflows.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"7d65c542c3a53442feef1a0f44071183"If-Modified-Since: Thu, 12 Sep 2024 08:49:54 UTC
Source: global traffic	HTTP traffic detected: GET /core/assets/js/41.b4fc4de2.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/19.6f85b843.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/14.e24a6190.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/20.8c21ea18.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/1726835400000/5d3cypit2iz8.js HTTP/1.1Host: js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "576cdc1c0941a520c47b54aef3b463f7"If-Modified-Since: Mon, 21 Aug 2023 14:57:31 GMT
Source: global traffic	HTTP traffic detected: GET /core/assets/js/27.3951aad8.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog-categories/response-to-incidents?301e1821_page=2 HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained-2 HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/how-to-know-if-your-screenconnect-server-is-hacked HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835401583&i=gtm&dwt=143&ive=webkitHidden HTTP/1.1Host: q.quora.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7e_Blog%20glitch%20listing%20right.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d8f499ba3251bdb3e67c42_Blog-SlashAndGrab-ScreenConnect-Post-Exploitation-in-the-wild-p-500.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66cf90834916604f4370fac3_integrations-07.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d56cefb34458516918d259_Rapid%20Response%202-p-500.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66db4dad5c35dc85c909a6a0_Partner%20Enablement.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296939/65d91c17bbf42843c2ab615d_Blog-Think-your-ScreenConnect-server-is-hacked_v1%20(1).jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd3937b555ca8e0b628b51_TT%20Logo.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd3bf02edc81af0185ab74_Fireside%20Logo%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /655ddcc107aef728354e9c2a/655ddcc107aef728354e9cba_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd395ec38c5cf450eaaca9_Group%2041159.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d2969e1_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/658e2de87a397cda82fad047_Huntress_Logo_Wide_Teal%5B1%5D.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/11.639238ba.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/targeted-apt-activity-babyshark-is-out-for-blood HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/microsoft-office-remote-code-execution-follina-msdt-bug HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/threat-advisory-hackers-are-selling-access-to-msps HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/new-0-day-vulnerabilities-found-in-microsoft-exchange HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /core/assets/js/18.9c1bd1fb.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/threat-advisory-qakbot-activity-is-rising HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /core/assets/js/49.f7274268.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/css/4.07aa08a5.chunk.css HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/0.0b2ebd4a.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835401583&i=gtm&dwt=143&ive=webkitHidden HTTP/1.1Host: q.quora.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd36c1df784bfdc36451b0_Managed%20EDR%203%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ac3_Close%20Icon.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd36cef95e73f013d7f944_M365%203%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f42186bd038ff65c2901_managed-edr%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd36d42685c82309c6be63_HSAT%203%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66e8480cc91b5fc3539be36f_Managed%20EDR%202%20(1).png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f8c5a5060320c7f49b85_leadership%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29698f_Secondary%20Text%20CTA%20Black.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/40.31ef8dbf.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/29.31d09948.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f58dee0405731067e1bb_hsat.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/24.24e43c3b.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f8e69bff560c4991106c_bullhorn%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/incident-response-choose-your-own-adventure-exercise HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66b0e0941952090c965c0771_Managed%20SIEM%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/detection-guidance-for-connectwise-cwe-288-2 HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/critical-vulnerability-exploitation-of-apache-activemq-cve-2023-46604 HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/rapid-response-trickboot HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers HTTP/1.1Host: www.huntress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836298000
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66b0e0ae56c636b679619a00_MDRforM365%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/8.5fdda827.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f6a6428feb6a848b9886_msp.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ab1_Icon-HSAT-White.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd4618974812a59c9e95d9_Managed%20EDR%201%20(2).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/66be4ae62c6f0b71cf910808_awards_icon.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f952c393b09d64bbb728_caereers%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/657b2a3b1f11ca0d1f210bad_Icon-SAT-Content.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/660da63009a196dfeb26efb4_Testimonial_CascadeTechnologies_Small.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd4300f95e73f013e09901_M365%201%20(1).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bc11cbdfd171e4de042009_Platform%20Nav%20Image.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd430a9ffbd1551fa49ccf_HSAT%201.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f6ed63c32a0963f64190_reseller.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/16.890a0911.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f85803df956c64c29612_success-stories%20(2).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/21.b8c41db9.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/js/17.413337a8.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/css/1.12ba17b6.chunk.css HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /core/assets/css/26.5208cc6b.chunk.css HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=0044150e-5d5d-4959-818c-e94ff049406a&sessionStarted=1726835383.868&campaignRefreshToken=183ed74a-ac27-41fc-a1c9-3618e0225fed&pageLoadStartTime=1726835344654&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_emailAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/veeam-backup-replication-cve-2023-27532-response HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/everything-we-know-about-cve-2023-23397 HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/critical-vulnerabilities-in-papercut-print-management-software HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /blog/threat-advisory-xmrig-crypto-mining-by-way-of-teamviewer HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /core/assets/js/0.0b2ebd4a.chunk.js HTTP/1.1Host: rc-widget-frame.js.driftt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/moveit-transfer-critical-vulnerability-rapid-response HTTP/1.1Host: www.huntress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/blog-categories/response-to-incidentsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.token=4febcc48-11bd-4be6-a133-ce27cbd26c0c; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session=5321f4ee-4431-456c-9fc4-ca9e87feae6b; mutiny.user.session_number=1; mutiny.user.session_number=1; _sp_ses.1564=*; _rdt_uuid=1726835352266.817e47f3-3def-4930-9b06-a0005d41eba1; _gcl_au=1.1.173469610.1726835350.364559002.1726835352.1726835352; _ga_GCTMBVFESS=GS1.1.1726835353.1.0.1726835353.60.0.0; _ga=GA1.1.802109752.1726835353; __spdt=1917ea7c0c654d13971c7b5f61eb18d5; sa-u-source=hs_email; sa-u-date=2024-09-20T12:29:14.958Z; sa-user-id=s%253A0-44ef61b2-fe37-563b-497a-08aac775d996.HUZAD87nGmfB6ts9monpnGc74iU%252BnIDtZVp3vzenSYI; sa-user-id-v2=s%253ARO9hsv43VjtJegiqx3XZlggueyE.f1DEnV0kSRDqXApJa8DQm75QGQfLI69IqPby0eTbqqo; sa-user-id-v3=s%253AAQAKIPMD_qM83gEw_KpANQ1k_u5OM7M1EA1HSai3RTqI7aomEHwYBCCb1bW3BjABOgT87-jmQgRE1Zzk.eNrSOL7PeCR%252BOtibvooVqq7ObUEv5%252BSNuwF%252BSNTLTHw; _uetsid=f3f1cd40774b11ef8c236b760e7c7256; _uetvid=f3f2c300774b11efada401c2fdee9d80; _fbp=fb.1.1726835358379.798225651589239556; _gd_visitor=5a7b4e78-7250-46bb-810a-5b66e9984afa; _gd_session=1fda1c52-0ec5-4295-84aa-dc9bc5875e94; _hjSessionUser_2159185=eyJpZCI6IjU1ZWU1YTkxLWMyMTEtNWJjNS1iZDVlLTZlMTllYzViZjA5ZSIsImNyZWF0ZWQiOjE3MjY4MzUzNTg2MDMsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_2159185=eyJpZCI6IjY0MzhkOWQzLWZlMWUtNDE5My1hZjdhLTZkOWMzMGViZGNiOSIsImMiOjE3MjY4MzUzNTg2MDcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; _an_uid=0; sp=98c3a97b-daae-4277-8045-7e9e8d86d91c; _zitok=c59f3dabf15c2190f28e1726835373; drift_campaign_refresh=183ed74a-ac27-41fc-a1c9-3618e0225fed; _sp_id.1564=197e4f69-5e53-424b-920b-ed6bec43868e.1726835351.1.1726835396..20298ebe-c783-4268-9b74-e21b2005ebc5..c9b9f32c-669c-4802-bfaf-204ab8da95b9.1726835369856.4; _dd_s=rum=2&id=66aed457-8be4-4d29-91ac-c4ebdb0aa932&created=1726835350843&expire=1726836294849
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd42dcb44336a1f210c24c_Managed%20EDR%203%20(2).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f7e1e53239ee83da1446_soc%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6644f74703df956c64c182bd_business-it-teams%20(1).webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd01d4c0f3634790afea77_Managed%20EDR%201.svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65bd42f4c995899f6082c903_M365%203%20(2).svg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/65edee5e9d94c555ff4fb329_Huntress-Default-Thumbnail-365x274.jpg HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a01_Blog%20Filter%20Glitch%20banner%20mobile.webp HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr	String found in binary or memory: $('[data-share-facebook').attr('href', 'https://www.facebook.com/sharer/sharer.php?u=' + url); equals www.facebook.com (Facebook)
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr	String found in binary or memory: $('[data-share-linkedin').attr('href', 'https://www.linkedin.com/shareArticle?mini=true&url=' + url); equals www.linkedin.com (Linkedin)
Source: chromecache_614.2.dr	String found in binary or memory: "https://www.facebook.com/foundationsoft", equals www.facebook.com (Facebook)
Source: chromecache_614.2.dr	String found in binary or memory: "https://www.linkedin.com/company/foundation-software/", equals www.linkedin.com (Linkedin)
Source: chromecache_605.2.dr	String found in binary or memory: Have You Scanned Your BIOS Recently?</a></li><li><a href="https://www.youtube.com/watch?v=P3yMXspLzoY" target="_blank">2017 equals www.youtube.com (Youtube)
Source: chromecache_605.2.dr	String found in binary or memory: The UEFI Firmware Rootkits: Myths and Reality</a></li><li><a href="https://www.youtube.com/watch?v=dpG97TBR3Ys" target="_blank">2018 equals www.youtube.com (Youtube)
Source: chromecache_605.2.dr	String found in binary or memory: UEFI technology: say hello to the Windows 8 bootkit!</a></li><li><a href="https://www.youtube.com/watch?v=QDSlWa9xQuA" target="_blank">2015 equals www.youtube.com (Youtube)
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: Webinar</a></li><li><a href="https://www.huntress.com/neighborhood-watch-program/internal-license-request">Neighborhood Watch Program (free coverage for MSPs)</a></li><li><a href="https://www.youtube.com/watch?v=tUhu1c8ulLE" target="_blank">Atomics on Friday \|\| ConnectWise Connections</a> equals www.youtube.com (Youtube)
Source: chromecache_428.2.dr	String found in binary or memory: is trivial and embarrassingly easy.</strong></p><p>Below is a video demonstration of our recreated proof-of-concept exploit, which performs the simple authentication bypass but takes it a step further to showcase remote code execution.</p><div class="w-embed w-iframe"><iframe width="700" height="395" src="https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe></div><div class="w-embed"><a name="our-analysis"></a></div><h2><strong>Our Analysis</strong></h2><p>When the Huntress team was made aware of the ConnectWise advisory, our team began to dig into what changes were made in the patch that could help explain what these vulnerabilities were.</p><p>We could simply look for the differences between code present in the new, patched version, and the previous, unpatched version. Creating a local testing environment for both of these states of the ScreenConnect software, we could easily see the delta that might clue us into the potential exploit.</p><p>We observed that these files differed: equals www.youtube.com (Youtube)
Source: chromecache_386.2.dr	String found in binary or memory: </p><p>Check out the below video to watch our interview with <a href="https://www.linkedin.com/company/mspmediatv/" target="_blank">MSP Media Network</a> equals www.linkedin.com (Linkedin)
Source: chromecache_967.2.dr	String found in binary or memory: </style></div></div></div></div></div><div class="social-share-icon-mobile"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a73_Path%2073610.svg" loading="lazy" alt="Share icon"/></div></section><section class="blog-detail-content-section"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp" loading="eager" alt="Glitch effect" class="landing-banner-shape-8 blog-detail-landing-banner-shape-8"/><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp" loading="lazy" alt="Glitch effect" class="landing-banner-shape-8 blog-detail-landing-banner-glitch-2"/><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp" loading="lazy" alt="Glitch effect" class="landing-banner-shape-8 blog-right-glitch"/><div class="w-layout-blockcontainer container-width-1143 w-container"><div class="blog-detail-content-wrapper"><div class="blog-main-section"><div class="post-wrapper"><div class="blog-post-summary-main"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp" loading="eager" alt="Glitch banner" class="blog-post-summary-main-glitch-top"/><div fs-richtext-sanitize="true" fs-richtext-element="rich-text" class="blog-post-summary first w-richtext"><p>On Thursday, September 28, 2023, software vendor <a href="https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023" target="_blank">Progress released a security advisory</a> for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.</p><p>These vulnerabilities were disclosed as:</p><ul role="list"><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-40044" target="_blank">CVE-2023-40044</a> (CVSS: 10)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-42657" target="_blank">CVE-2023-42657</a> (CVSS 9.9)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-40045" target="_blank">CVE-2023-40045</a> (CVSS 8.3)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-40046" target="_blank">CVE-2023-40046</a> (CVSS 8.2)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-40048" target="_blank">CVE-2023-40048</a> (CVSS 6.8)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2022-27665" target="_blank">CVE-2022-27665</a> (CVSS 6.1)</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2023-40049" target="_blank">CVE-2023-40049</a> (CVSS 5.3)</li></ul><p>Most notable amongst these were CVE-2023-40044 and CVE-2023-42657, both critical severity issues. Throughout this past weekend, the cybersecurity industry has been chasing CVE-2023-40044 specifically.</p><h2>What We Know So Far</h2><p><a href="https://community.progress.com/s/article/
Source: chromecache_834.2.dr, chromecache_886.2.dr	String found in binary or memory: </style></div></div></div></div></div><div class="social-share-icon-mobile"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a73_Path%2073610.svg" loading="lazy" alt="Share icon"/></div></section><section class="blog-detail-content-section"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp" loading="eager" alt="Glitch effect" class="landing-banner-shape-8 blog-detail-landing-banner-shape-8"/><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp" loading="lazy" alt="Glitch effect" class="landing-banner-shape-8 blog-detail-landing-banner-glitch-2"/><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp" loading="lazy" alt="Glitch effect" class="landing-banner-shape-8 blog-right-glitch"/><div class="w-layout-blockcontainer container-width-1143 w-container"><div class="blog-detail-content-wrapper"><div class="blog-main-section"><div class="post-wrapper"><div class="blog-post-summary-main"><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp" loading="eager" alt="Glitch banner" class="blog-post-summary-main-glitch-top"/><div fs-richtext-sanitize="true" fs-richtext-element="rich-text" class="blog-post-summary first w-richtext"><p>Our team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers that could lead to Remote Code Execution (RCE) for an authenticated user.</p><figure style="max-width:1382pxpx" class="w-richtext-align-fullwidth w-richtext-figure-type-image"><div><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ed3_image1-4.png" alt="ThreatOps team Slack screenshot" loading="lazy"/></div></figure><p>Our ThreatOps team discovered <a href="https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html" target="_blank">this blog</a>, and the team began to research and see if anyone else in the community had flagged it. We found <a href="https://twitter.com/GossiTheDog/status/1575580072961982464" target="_blank">this tweet</a> from Security Researcher Kevin Beaumont, where he notes that equals www.twitter.com (Twitter)
Source: chromecache_834.2.dr, chromecache_886.2.dr	String found in binary or memory: <strong><em>authenticated</em></strong> adversary. Currently, no official patch has been released by Microsoft yet.</p><p><a href="https://twitter.com/GossiTheDog/status/1575813395835547651" target="_blank">Kevin Beaumount has pointed out that there is still a risk to Exchange Online users</a>, as a significant number may be running a hybrid server that migrated to Exchange Online and are still vulnerable to this post-authentication threat. Shodan reports over 1,200 potentially vulnerable endpoints with this attack surface.</p><figure style="max-width:1874pxpx" class="w-richtext-align-fullwidth w-richtext-figure-type-image"><div><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ed2_image-png-Sep-30-2022-02-24-23-31-PM.png" alt="Shodan reports over 1,200 potentially vulnerable endpoints" loading="lazy"/></div></figure><p>The freely available Microsoft Defender antivirus will detect the current publicly known post-exploitation attempts as <a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:ASP/Webshell.Y" target="_blank"><strong>Backdoor:ASP/Webshell.Y</strong></a> and <a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/RewriteHttp.A" target="_blank"><strong>Backdoor:Win32/RewriteHttp.A</strong></a>.</p><h2><strong>What Huntress Partners Need to Know</strong></h2><p>We equals www.twitter.com (Twitter)
Source: chromecache_749.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_570.2.dr, chromecache_398.2.dr	String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Uj:function(){e=zb()},ld:function(){d()}}};var gc=ja(["data-gtm-yt-inspected-"]),vC=["www.youtube.com","www.youtube-nocookie.com"],wC,xC=!1; equals www.youtube.com (Youtube)
Source: chromecache_570.2.dr	String found in binary or memory: N.getElementsByTagName("iframe"),la=R.length,na=0;na<la;na++)if(!u&&c(R[na],H.Ce)){WI("https://www.youtube.com/iframe_api");u=!0;break}})}}else E(v.vtp_gtmOnSuccess)}var q=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,u=!1;Y.__ytl=n;Y.__ytl.o="ytl";Y.__ytl.isVendorTemplate=!0;Y.__ytl.priorityOverride=0;Y.__ytl.isInfrastructure=!1; equals www.youtube.com (Youtube)
Source: chromecache_443.2.dr, chromecache_398.2.dr, chromecache_763.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=dA(a,c,e);M(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return M(122),!0;if(d&&f){for(var m=Kb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},gA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_406.2.dr	String found in binary or memory: check out </strong><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190" target="_blank"><strong>Microsoft's update</strong></a><strong> for the full list.</strong></p><p>Below, the code fails to execute on Windows 10:</p><figure class="w-richtext-align-center w-richtext-figure-type-image"><div><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f36_image%2520(7)-1.png" alt="image (7)-1" loading="lazy"/></div></figure><p>In the below image, the raw command fails on Windows 10:<br/></p><figure class="w-richtext-align-center w-richtext-figure-type-image"><div><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f20_image%2520(9).png" alt="image (9)" loading="lazy"/></div></figure><p><strong>UPDATE 11:16pm ET May 30, 2022:</strong></p><p>Microsoft has now revealed the CVE identifier for this vulnerability is <strong>CVE-2022-30190</strong>, including a Security Update and article with guidance... but no patch looks to be available as of yet.</p><ul role="list"><li><a href="https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/">https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/</a></li><li><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190">https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190</a></li></ul><h3>Jump Links</h3><p><a href="#">Understanding the Exploit</a></p><p><a href="#">Detection Efforts</a></p><p><a href="#">Mitigation Efforts</a></p><p><a href="#">The Non-Technical Version of What's Happening</a></p><p><a href="#">Further Reading</a></p><p>Huntress is keeping a close eye on the developing threat of a zero-click remote code execution technique used through MSDT (Microsoft Diagnostics Tool) and Microsoft Office utilities, namely Microsoft Word. Throughout the next coming days, we expect exploitation attempts in the wild through email-based delivery.</p><p>In this article, we will discuss recreating the attack vector, detection efforts and potential mitigation steps.</p><p><strong>If you are seeking guidance on how to keep your users safe rather than an in-depth explanation of the vulnerability, the short answer is to let them know that there is a newly discovered vulnerability in MS Word (and likely other MS Office apps) that could install malware so they should be especially vigilant about opening any attachments. They should also be made aware that this exploit can be triggered with a hover-preview of a downloaded file that does not require any clicks (post download). There are additional suggestions for mitigation actions at the bottom of this post.</strong></p><h2>Understanding the Exploit</h2><p>The Huntress team obtained the sample <a href="https://twitter.com/nao_sec/status/1530196847679401984" target="_blank">first shared by
Source: chromecache_443.2.dr, chromecache_398.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={Vg:e,Tg:f,Ug:g,Dh:k,Eh:m,Ce:n,Ab:b},q=z.YT;if(q)return q.ready&&q.ready(d),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();d()};E(function(){for(var t=D.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(GC(w,"iframe_api")\|\|GC(w,"player_api"))return b}for(var x=D.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!xC&&EC(x[A],p.Ce))return wc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_386.2.dr	String found in binary or memory: or keep reading to learn more.</p><figure style="padding-bottom:56.25%" class="w-richtext-align-fullwidth w-richtext-figure-type-video"><div><iframe src="https://www.youtube.com/embed/1E78M_EUF0Y?feature=oembed" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div></figure><h3><strong>1. The threat primarily comes in via email.</strong> equals www.youtube.com (Youtube)
Source: chromecache_950.2.dr, chromecache_487.2.dr, chromecache_393.2.dr, chromecache_385.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: return b}tC.H="internal.enableAutoEventOnTimer";var gc=ja(["data-gtm-yt-inspected-"]),vC=["www.youtube.com","www.youtube-nocookie.com"],wC,xC=!1; equals www.youtube.com (Youtube)
Source: chromecache_956.2.dr	String found in binary or memory: return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var b=f.getFbeventsModules("signalsFBEventsGetTier"),c=d();function d(){try{if(a.trustedTypes&&a.trustedTypes.createPolicy){var b=a.trustedTypes;return b.createPolicy("facebook.com/signals/iwl",{createScriptURL:function(a){var b=new URL(a);b=b.hostname.endsWith(".facebook.com")&&b.pathname=="/signals/iwl.js";if(!b)throw new Error("Disallowed script URL");return a}})}}catch(a){}return null}e.exports=function(a,d){d=b(d);d=d==null?"www.facebook.com":"www."+d+".facebook.com";d="https://"+d+"/signals/iwl.js?pixel_id="+a;if(c!=null)return c.createScriptURL(d);else return d}})();return e.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_956.2.dr	String found in binary or memory: return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_956.2.dr	String found in binary or memory: return function(f,g,h,i){var j={exports:{}};j.exports;(function(){"use strict";var a={ENDPOINT:"https://www.facebook.com/tr/",INSTAGRAM_TRIGGER_ATTRIBUTION:"https://www.instagram.com/tr/",AEM_ENDPOINT:"https://www.facebook.com/.well-known/aggregated-event-measurement/",GPS_ENDPOINT:"https://www.facebook.com/privacy_sandbox/pixel/register/trigger/",TOPICS_API_ENDPOINT:"https://www.facebook.com/privacy_sandbox/topics/registration/"};j.exports=a})();return j.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_749.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr	String found in binary or memory: var IB=function(a,b,c,d,e){var f=Bz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Bz("fsl","nv.ids",[]):Bz("fsl","ids",[]);if(!g.length)return!0;var k=Gz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if(m==="https://www.facebook.com/tr/")return M(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!oy(k,qy(b, equals www.facebook.com (Facebook)
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: ve <a href="https://www.youtube.com/watch?v=WRnXzHfpMWs&t=3037s" target="_blank">given in a dozen or so presentations</a> on this topic, the first phone calls we made were to our legal and insurance teams. equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.cyderes.com
Source: global traffic	DNS traffic detected: DNS query: www.huntress.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.prod.website-files.com
Source: global traffic	DNS traffic detected: DNS query: client-registry.mutinycdn.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: gist.github.com
Source: global traffic	DNS traffic detected: DNS query: d3e54v103j8qbb.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: tools.refokus.com
Source: global traffic	DNS traffic detected: DNS query: js.hs-scripts.com
Source: global traffic	DNS traffic detected: DNS query: www.datadoghq-browser-agent.com
Source: global traffic	DNS traffic detected: DNS query: js.driftt.com
Source: global traffic	DNS traffic detected: DNS query: github.githubassets.com
Source: global traffic	DNS traffic detected: DNS query: static.huntresscdn.com
Source: global traffic	DNS traffic detected: DNS query: js.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: js.hsleadflows.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-banner.com
Source: global traffic	DNS traffic detected: DNS query: js.hs-analytics.net
Source: global traffic	DNS traffic detected: DNS query: api-v2.mutinyhq.io
Source: global traffic	DNS traffic detected: DNS query: js.hsadspixel.net
Source: global traffic	DNS traffic detected: DNS query: js.hscollectedforms.net
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: browser-intake-datadoghq.com
Source: global traffic	DNS traffic detected: DNS query: www.redditstatic.com
Source: global traffic	DNS traffic detected: DNS query: a.quora.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: j.6sc.co
Source: global traffic	DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: cdn.neverbounce.com
Source: global traffic	DNS traffic detected: DNS query: cta-service-cms2.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: forms.hscollectedforms.net
Source: global traffic	DNS traffic detected: DNS query: trk.techtarget.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: tags.srv.stackadapt.com
Source: global traffic	DNS traffic detected: DNS query: pixel.byspotify.com
Source: global traffic	DNS traffic detected: DNS query: tracking.g2crowd.com
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: pixel-config.reddit.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: q.quora.com
Source: global traffic	DNS traffic detected: DNS query: alb.reddit.com
Source: global traffic	DNS traffic detected: DNS query: forms.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: perf-na1.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: pixels.spotify.com
Source: global traffic	DNS traffic detected: DNS query: ibc-flow.techtarget.com
Source: global traffic	DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: api.neverbounce.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: analytics.twitter.com
Source: global traffic	DNS traffic detected: DNS query: secure.adnxs.com
Source: global traffic	DNS traffic detected: DNS query: c.6sc.co
Source: global traffic	DNS traffic detected: DNS query: ipv6.6sc.co
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: b.6sc.co
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: forms.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: webhooks.fivetran.com
Source: global traffic	DNS traffic detected: DNS query: t.huntress.com
Source: global traffic	DNS traffic detected: DNS query: js.zi-scripts.com
Source: global traffic	DNS traffic detected: DNS query: track.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: ws.zoominfo.com
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.foundationsoft.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: hello.foundationsoft.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: cdn.schemaapp.com
Source: global traffic	DNS traffic detected: DNS query: data.schemaapp.com
Source: global traffic	DNS traffic detected: DNS query: info.foundationsoft.com
Source: global traffic	DNS traffic detected: DNS query: secure.main5poem.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: ws.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: content.hotjar.io
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net
Source: global traffic	DNS traffic detected: DNS query: rc-widget-frame.js.driftt.com
Source: global traffic	DNS traffic detected: DNS query: customer.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: conversation.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: metrics.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: targeting.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: pi.pardot.com
Source: global traffic	DNS traffic detected: DNS query: bootstrap.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: 5092804-4.chat.api.drift.com
Source: global traffic	DNS traffic detected: DNS query: api.hubapi.com

Source: unknown

HTTP traffic detected: POST /v2/b HTTP/1.1Host: api-v2.mutinyhq.ioConnection: keep-aliveContent-Length: 261sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://www.huntress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.huntress.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Fri, 20 Sep 2024 12:29:22 GMTserver: envoyContent-Length: 0strict-transport-security: max-age=31536000x-content-type-options: nosniffVia: HTTP/2 edgeproxy, 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Fri, 20 Sep 2024 12:30:15 GMTserver: envoyContent-Length: 0strict-transport-security: max-age=31536000x-content-type-options: nosniffVia: HTTP/2 edgeproxy, 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: http://103.163.187.12:8080/cz3eKnhcaD0Fik7Eexo66A
Source: chromecache_608.2.dr	String found in binary or memory: http://172.245.16
Source: chromecache_608.2.dr	String found in binary or memory: http://4.216.93
Source: chromecache_608.2.dr	String found in binary or memory: http://45.32.120
Source: chromecache_606.2.dr, chromecache_526.2.dr	String found in binary or memory: http://bit.ly/sp-js)
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: http://cyberdrain.com/
Source: chromecache_600.2.dr, chromecache_940.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_912.2.dr, chromecache_960.2.dr	String found in binary or memory: http://opensource.org/licenses/BSD-2-Clause
Source: chromecache_912.2.dr, chromecache_960.2.dr	String found in binary or memory: http://opensource.org/licenses/GPL-2.0
Source: chromecache_605.2.dr	String found in binary or memory: http://phrack.org/issues/66/7.html
Source: chromecache_605.2.dr	String found in binary or memory: http://rweverything.com/
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: http://schema.org
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000077359549
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735954e
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000077359558
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735955e
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000077359562
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000077359564
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000077359577
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735957a
Source: chromecache_442.2.dr, chromecache_683.2.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_629.2.dr, chromecache_429.2.dr, chromecache_780.2.dr	String found in binary or memory: http://www.hubspot.com
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: http://www.reddit.com/submit?url=
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://1.1.1.1/
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://1.1.1.1/pt-BR/dns/
Source: chromecache_570.2.dr	String found in binary or memory: https://a.quora.com/qevents.js
Source: chromecache_608.2.dr	String found in binary or memory: https://activemq.apache.org/activemq-command-line-tools-reference.html
Source: chromecache_608.2.dr	String found in binary or memory: https://activemq.apache.org/components/classic/download/
Source: chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_614.2.dr	String found in binary or memory: https://api.w.org/
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://assets-global.website-files.com/655d92689c415e9fefcf2368/655efb41f4bb20e00c9cfe91_Group%2039
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://assets-global.website-files.com/655d92689c415e9fefcf2368/656441d92b1162f7be36d189_FAQ%20arro
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://assets-global.website-files.com/655d92689c415e9fefcf2368/656586dc3bab343494e5e662_Group%2011
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://assets-global.website-files.com/655d92689c415e9fefcf2368/656586dcbfdb733f67438298_Group%2049
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://aws.amazon.com/blogs/security/forensic-investigation-environment-strategies-in-the-aws-cloud
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://benjamin-altpeter.de/shell-openexternal-dangers/
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Source: chromecache_605.2.dr	String found in binary or memory: https://blog.huntresslabs.com/assisted-remediation-in-action-a1e564e759a6
Source: chromecache_605.2.dr	String found in binary or memory: https://blog.huntresslabs.com/huntress-service-ransomware-canaries-2f7f586b8f1e
Source: chromecache_605.2.dr	String found in binary or memory: https://blog.huntresslabs.com/tried-and-true-hacker-technique-dos-obfuscation-400b57cd7dd
Source: chromecache_749.2.dr, chromecache_950.2.dr, chromecache_487.2.dr, chromecache_393.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_385.2.dr, chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_407.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_819.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr, chromecache_894.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/medium-zoom
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-rig
Source: chromecache_1004.2.dr, chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Tex
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296993_Image%20180.svg
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a1c_CTA-Home.webp
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%2
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a73_Path%2073610.sv
Source: chromecache_1004.2.dr, chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%2
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%2
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a91_Gated%20glitch%
Source: chromecache_1004.2.dr, chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_407.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_819.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296ad7_Secondary%20Tex
Source: chromecache_1004.2.dr, chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr, chromecache_894.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-hal
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.p
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6603101ade570b07f0fb6625_android-chrome-
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-hal
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.28c3b280d.js
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c39_rzZJNq3S5iKvDjR
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c4b_HiOGTRQ7ADbC3jH
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c6a_3HUtyDCAietS-TR
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c82_GYP8fynEdzoA7Db
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c83_y2RriP0M-ZywnR3
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c84_kYl9Coq_171Ftie
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296c86_ejrLkwloT4wUwGN
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296cac_Rapid%2520Respo
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296cb0_MBJgjmYbZpacDYc
Source: chromecache_415.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296d01_rctGf5wf78mKYDO
Source: chromecache_507.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296d14_MOVEit%2520reca
Source: chromecache_480.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296eed_BlogHeader-Resp
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296eff_image2-2.png
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f1d_BlogHeader-Rapi
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f28_AGk0z-N6EKRpqyo
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f2c_AGk0z-MJoFmNdQJ
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f2d_AGk0z-MOs9U3ALZ
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f2f_AGk0z-NzyeIhzJV
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f3b_AGk0z-Mc4d4pkjO
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f3c_AGk0z-MZ0yjTaz7
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f3e_AGk0z-P6kTLiPey
Source: chromecache_1000.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296fef_BlogHeader-Resp
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ff0_QA2.png
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ff1_QA1.png
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ff2_QA%2520Blog%252
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ff3_Copy%2520of%252
Source: chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ed_BlogHeader-Resp
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970f5_image%2520(1)-3
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970f6_image%2520(5)-1
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970f8_image%2520(4)-1
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970f9_image-Mar-06-20
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fa_vgzKkKUHsFBZT0r
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fb_image%2520(2)-2
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fc_image%2520(3).p
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fe_kBCcmTrHJmqRbDl
Source: chromecache_397.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d297120_Qakbot-Malware-
Source: chromecache_415.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d29712a_Response-to-Inc
Source: chromecache_605.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d29715c_Annie%20Ballew.
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2971ea_Screenshot%2520
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2971eb_MFtcWTzYWPh19QK
Source: chromecache_387.2.dr, chromecache_541.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/657cbded6bf7002bcf82db6d_Huntress%20Free
Source: chromecache_608.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/658104e3dfbc6796e2532cc0_Critical%20Vuln
Source: chromecache_605.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65810894c628f8f736f54859_Rapid%20Respons
Source: chromecache_387.2.dr, chromecache_541.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/658cbd1d4205f28754cb22bf_secure-endpoint
Source: chromecache_880.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d4f7eaefe0eedab65efac0_rI0fxWGKQYEOCPv
Source: chromecache_428.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d5587816961aa1bccf46e7_bCQT10Rn49nJ0hf
Source: chromecache_428.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d558784370931755195cac_VOF-6GVi8aXEkUn
Source: chromecache_428.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d55878e0bce79d5469d328_3UiSOzyngYMkZ2T
Source: chromecache_428.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d55879cb2af12170f04f97_Es0JkQJKuG-5Dji
Source: chromecache_428.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d56cefb34458516918d259_Rapid%20Respons
Source: chromecache_880.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d64d16df7c4f9ca83fc13a_ConnectWise%20C
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d91c17bbf42843c2ab615d_Blog-Think-your
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d91f61d8c9fc9c27d1c706_code%20image.pn
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65db9ab37d65c02ae75c55cb_ep73oXQNB2PXELJ
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65db9ab37eb940ee3761eab3_b-Do8ggd_gx_2aN
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65db9ab38742134620e8713f_XLXWdQujVraidkH
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65db9ab3a8fcf334ff2fb03a_KsupFXO_dTKN-Vm
Source: chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65dcd9aad5690d38a312f5c4_Blog-SlashAndGr
Source: chromecache_387.2.dr, chromecache_541.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65dd200bc8571c720dc43767_Huntress-SlashA
Source: chromecache_736.2.dr, chromecache_632.2.dr, chromecache_892.2.dr, chromecache_397.2.dr, chromecache_834.2.dr, chromecache_406.2.dr, chromecache_886.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66144ca5e4117fba97085be3_john-hammond-he
Source: chromecache_507.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66144fe5e4117fba970b7790_Joe%20Slowik.we
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6616df84b71288f323ee418a_Harlan%20Carvey
Source: chromecache_440.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66ae91e65a631306c4b10215_65dd200bc8571c7
Source: chromecache_452.2.dr, chromecache_894.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66e88ae0334c01ef01d7b9c6_100m-arr-blog-t
Source: chromecache_837.2.dr, chromecache_452.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yB
Source: chromecache_837.2.dr, chromecache_452.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66e88d0290d2adece032129c_AD_4nXdt94nQfK9
Source: chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_387.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_624.2.dr, chromecache_617.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr	String found in binary or memory: https://cdn.prod.website-files.com/plugins/Basic/assets/placeholder.60f9b1840c.svg
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://censys.com/cve-2023-40044/
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://circleci.com/docs/2.0/aws-prereq/#private-subnet-requirements
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js
Source: chromecache_614.2.dr	String found in binary or memory: https://clients.foundationsoft.com/pdfs/requirements/mobile_requirements.pdf
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_507.2.dr	String found in binary or memory: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
Source: chromecache_964.2.dr, chromecache_630.2.dr, chromecache_956.2.dr	String found in binary or memory: https://connect.facebook.net/
Source: chromecache_749.2.dr, chromecache_810.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_964.2.dr, chromecache_630.2.dr, chromecache_956.2.dr	String found in binary or memory: https://connect.facebook.net/log/fbevents_telemetry/
Source: chromecache_633.2.dr	String found in binary or memory: https://conversation.api.drift.com
Source: chromecache_570.2.dr	String found in binary or memory: https://ct.capterra.com/capterra_tracker.gif
Source: chromecache_633.2.dr	String found in binary or memory: https://customer.api.drift.com
Source: chromecache_614.2.dr	String found in binary or memory: https://cvent.me/8P7qoV
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://cyberdrain.com/automating-with-powershell-enable-m365-activity-based-time-out-office-code-ex
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d29691
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instances-and-amis.html
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://docs.datadoghq.com/getting_started/site/
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://explore.zoom.us
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_513.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI
Source: chromecache_614.2.dr	String found in binary or memory: https://foundationlive.wpenginepowered.com/wp-content/uploads/2021/06/fsl-logo.png
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea.js
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/349de807b96db1d0292d3d20e4ff6453
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1.js
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239.js
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/6930c8e5d7c233ddb86f5631ff5ba7a6
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8.js
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3.js
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/d4dba6b272bcae62d8946a0eb9af9220
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258.js
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/e3053768a06f1ba115c1efbd3a71103d
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/f95bfab2b28d92b8491609541a84bc40.js
Source: chromecache_428.2.dr	String found in binary or memory: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964.js
Source: chromecache_837.2.dr, chromecache_452.2.dr	String found in binary or memory: https://gist.github.com/gleeda/7d3165787015692aec4d2aad740ab8fe.js
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://github.com/SigmaHQ/sigma/pull/4732
Source: chromecache_442.2.dr, chromecache_683.2.dr	String found in binary or memory: https://github.com/bkwld/tram
Source: chromecache_600.2.dr, chromecache_940.2.dr	String found in binary or memory: https://github.com/cssinjs/jss
Source: chromecache_607.2.dr, chromecache_742.2.dr	String found in binary or memory: https://github.com/francoischalifour/medium-zoom
Source: chromecache_392.2.dr	String found in binary or memory: https://github.com/googlefonts/dm-fonts)
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://github.com/huntresslabs/everyone-oops
Source: chromecache_608.2.dr	String found in binary or memory: https://github.com/huntresslabs/threat-intel/blob/main/2023/2023-11/suspicious_child_process_from_ac
Source: chromecache_892.2.dr	String found in binary or memory: https://github.com/microsoft/CSS-Exchange/blob/main/Security/Test-ProxyLogon.ps1
Source: chromecache_892.2.dr	String found in binary or memory: https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse
Source: chromecache_608.2.dr	String found in binary or memory: https://github.com/rapid7/metasploit-framework/pull/18501
Source: chromecache_556.2.dr	String found in binary or memory: https://github.githubassets.com/assets/gist-embed-38aeddf8d15a.css
Source: chromecache_614.2.dr	String found in binary or memory: https://go.foundationsoft.com/estimating?&utm_source=software&utm_medium=ad&utm_campaign
Source: chromecache_570.2.dr, chromecache_763.2.dr	String found in binary or memory: https://google.com
Source: chromecache_570.2.dr, chromecache_763.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_614.2.dr	String found in binary or memory: https://hello.foundationsoft.com/l/970183/2022-10-06/2c3zl
Source: chromecache_614.2.dr	String found in binary or memory: https://hello.foundationsoft.com/l/970183/2022-10-11/2cxrl
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://hubspotonwebflow.com/api/forms/c32ae9e7-4a4b-4436-a6e4-0de41bd8df62
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://huntress.io/
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://ibc-flow.techtarget.com/a/gif.gif
Source: chromecache_588.2.dr, chromecache_871.2.dr	String found in binary or memory: https://j.6sc.co/6si.min.js
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js
Source: chromecache_629.2.dr	String found in binary or memory: https://js-na1.hs-scripts.com/3911692.js
Source: chromecache_633.2.dr	String found in binary or memory: https://js.driftt.com
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://js.driftt.com/include/
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hs-analytics.net/analytics/1726835100000/3911692.js
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hs-banner.com/3911692.js
Source: chromecache_429.2.dr, chromecache_780.2.dr	String found in binary or memory: https://js.hs-banner.com/cookie-banner-public/v1
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hsadspixel.net/fb.js
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hscollectedforms.net/collectedforms.js
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hsleadflows.net/leadflows.js
Source: chromecache_917.2.dr, chromecache_825.2.dr	String found in binary or memory: https://js.hubspot.com/web-interactives-embed.js
Source: chromecache_614.2.dr	String found in binary or memory: https://mccormicksys.com/
Source: chromecache_633.2.dr	String found in binary or memory: https://metrics.api.drift.com
Source: chromecache_605.2.dr	String found in binary or memory: https://news.saferbytes.it/analisi/2012/09/uefi-technology-say-hello-to-the-windows-8-bootkit/
Source: chromecache_507.2.dr	String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2023-34362
Source: chromecache_415.2.dr	String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2023-39143
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_749.2.dr, chromecache_950.2.dr, chromecache_487.2.dr, chromecache_393.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_385.2.dr, chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_828.2.dr, chromecache_480.2.dr, chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://platform.twitter.com/widgets.js
Source: chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_614.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect/?pid=4456305&fmt=gif
Source: chromecache_810.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_570.2.dr	String found in binary or memory: https://q.quora.com/_/ad/
Source: chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_614.2.dr, chromecache_407.2.dr, chromecache_819.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://screenconnect.connectwise.com/download
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://screenconnect.connectwise.com/download"
Source: chromecache_392.2.dr	String found in binary or memory: https://scripts.sil.org/OFLThis
Source: chromecache_392.2.dr	String found in binary or memory: https://scripts.sil.org/OFLhttps://www.indiantypefoundry.comhttps://www.colophon-foundry.orgColophon
Source: chromecache_990.2.dr, chromecache_753.2.dr	String found in binary or memory: https://secure.main5poem.com/Track/Capture.aspx?retType=js&trk_jshv=1&trk_uid=&trk_user=217250&trk_s
Source: chromecache_749.2.dr, chromecache_810.2.dr, chromecache_570.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_614.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js;
Source: chromecache_749.2.dr, chromecache_810.2.dr	String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: chromecache_749.2.dr, chromecache_810.2.dr	String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://static.huntresscdn.com/3_24_2_kzhk9kjvjzpzdnk61lg3.js
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://static.huntresscdn.com/schemas/com.huntress/mutiny/jsonschema/1-0-5.json
Source: chromecache_950.2.dr, chromecache_487.2.dr, chromecache_443.2.dr, chromecache_385.2.dr, chromecache_398.2.dr, chromecache_555.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us/articles/200171936-Error-520
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us/articles/217720788-Why-doesn-t-my-site-display-correctly-whe
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://support.cloudflare.com/hc/en-us/requests/new
Source: chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://support.huntress.io/hc/en-us
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://support.huntress.io/hc/en-us/articles/26563195577363-2024-Feb-ConnectWise-ScreenConnect-Vuln
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://t.co/CoGFp4Uf8A
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://t.co/W7MdGNXvLH
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://t.co/ahu3SQqbvG
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_633.2.dr	String found in binary or memory: https://targeting.api.drift.com
Source: chromecache_749.2.dr, chromecache_950.2.dr, chromecache_487.2.dr, chromecache_393.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_385.2.dr, chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_440.2.dr	String found in binary or memory: https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarr
Source: chromecache_785.2.dr	String found in binary or memory: https://theme.co
Source: chromecache_785.2.dr	String found in binary or memory: https://theme.co/pro
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js
Source: chromecache_575.2.dr, chromecache_734.2.dr, chromecache_611.2.dr, chromecache_598.2.dr	String found in binary or memory: https://tracking.g2crowd.com
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/DidierStevens/status/1531033449561264128
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://twitter.com/Intel_by_KELA/status/1551892789499142145?ref_src=twsrc%5Etfw
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/KyleHanslovan/status/1531114931973767168
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/KyleHanslovan/status/1531138449536958465
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://twitter.com/MCKSysAr/status/1707855204647899194
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/_JohnHammond/status/1531125503725289472
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/_JohnHammond/status/1531170265039781888
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://twitter.com/assetnote?ref_src=twsrc%5Etfw
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://twitter.com/buffaloverflow/status/1531168929925713923
Source: chromecache_614.2.dr	String found in binary or memory: https://twitter.com/foundationsoft
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://twitter.com/infosec_au/status/1708271663182381240?ref_src=twsrc%5Etfw
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://twitter.com/intel_by_kela?lang=en
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://twitter.com/share?url=
Source: chromecache_605.2.dr	String found in binary or memory: https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/#a
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://us02web.zoom.us
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://us05web.zoom.us
Source: chromecache_614.2.dr	String found in binary or memory: https://use.typekit.net/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/00841f/000000000000000077359564/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/199a3f/00000000000000007735955e/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/624cab/000000000000000077359558/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/671919/00000000000000007735954e/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/6cc429/00000000000000007735957a/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/98e3f6/000000000000000077359562/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/ad9c1c/000000000000000077359549/30/
Source: chromecache_818.2.dr, chromecache_872.2.dr	String found in binary or memory: https://use.typekit.net/af/d45b9a/000000000000000077359577/30/
Source: chromecache_892.2.dr	String found in binary or memory: https://vulners.com/carbonblack/CARBONBLACK:6730D6EB8DF875C002A93DBC78C80B9D
Source: chromecache_614.2.dr	String found in binary or memory: https://workmax.com/
Source: chromecache_605.2.dr	String found in binary or memory: https://www.advanced-intel.com/post/persist-brick-profit-trickbot-offers-new-trickboot-uefi-focused-
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2
Source: chromecache_605.2.dr	String found in binary or memory: https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Heasman.pdf
Source: chromecache_828.2.dr, chromecache_480.2.dr	String found in binary or memory: https://www.cisa.gov/uscert/ncas/alerts/aa22-131a
Source: chromecache_605.2.dr	String found in binary or memory: https://www.cisecurity.org/white-papers/security-primer-trickbot/
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/cdn/what-is-a-cdn
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/dns/what-is-dns
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflare.com/media-and-entertainment
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflarestatus.com/
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflarestatus.com/?_ga=2.206399059.190221946.1556053151-1076456093.1556053151
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.cloudflarestatus.com/?_ga=2.35996259.2108316469.1554333761-13370612.1552956708
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://www.comptia.org/blog/security-awareness-training-network-segmentation
Source: chromecache_485.2.dr, chromecache_428.2.dr, chromecache_880.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2022-27665
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-40044
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-40045
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-40046
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-40048
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-40049
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.cve.org/CVERecord?id=CVE-2023-42657
Source: chromecache_605.2.dr	String found in binary or memory: https://www.cyberscoop.com/trickbot-microsoft-cyber-command-disruption-down/
Source: chromecache_511.2.dr	String found in binary or memory: https://www.cyderes.com/events/public/v1/encoded/track/tc/ON
Source: chromecache_605.2.dr	String found in binary or memory: https://www.darkreading.com/threat-intelligence/like-the-energizer-bunny-trickbot-goes-on-and-on-/d/
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Source: chromecache_614.2.dr	String found in binary or memory: https://www.estimatingedge.com/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/#breadcrumb
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/#primaryimage
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/#website
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/?s=
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/about/philosophy/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/careers/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/clients/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/comments/feed/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/contact/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/events/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/events/#industry-events
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/events/#on-demand-webinars
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/events/#upcoming-webinars
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/faqs/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/feed/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/get-more/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/learn/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/learn/category/case-study/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/meet-our-sales-team/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/partners/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/partners/#integrations
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/press-releases/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/aca/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/accounts-payable/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/accounts-receivable/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/consolidated-general-ledger/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/construction-document-imaging/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/construction-reports/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/cpa-audit-review/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/eaccess/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/equipment/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/executive-dashboard/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/fixed-assets/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/general-ledger/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/inventory-management/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/job-costing/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/microsoft-sql/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/mobile/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/payroll/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/project-management/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/purchase-orders-subcontract/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/quickbooks/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/scheduling/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/service-dispatch/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/time-material-billing/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/software/unit-price-billing/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/support/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/terms/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/plugins/presto-player/dist/components/web-components/web-c
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/plugins/searchwp/assets/css/frontend/search-forms.css?ver=
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro-child/scripts.js?ver=61d6c8f4cfb4a67a5b525ccfe7
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro-child/style.css?ver=6.5.7.1724669600
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/cornerstone/assets/js/site/cs-accordion.7.5.7.j
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/cornerstone/assets/js/site/cs-classic.7.5.7.js?
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/cornerstone/assets/js/site/cs-sliders.7.5.7.js?
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/framework/dist/css/site/stacks/integrity-light.
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/framework/dist/js/site/x.js?ver=6.5.7
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/themes/pro/style.css?ver=61d6c8f4cfb4a67a5b525ccfe7264dd4
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/2nd-Section-100x79.jpg
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/2nd-Section-150x119.jpg
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/2nd-Section-379x300.jpg
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/2nd-Section.jpg
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/p4c-logo-100x16.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/p4c-logo-150x23.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/p4c-logo-300x47.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/04/p4c-logo.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-180x180.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-192x192.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-270x270.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-32x32.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/07/2021-07_FOUNDATION-MK_HomePage-Tab2-Payrol
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/07/2021-07_FOUNDATION-MK_HomePage-Tab3-CPAToo
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2021/07/2021-07_FOUNDATION-MK_POSubcontractorPage-
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2022/08/SafetyHQ-Logo-100x28.webp
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2022/08/SafetyHQ-Logo-150x41.webp
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2022/08/SafetyHQ-Logo.webp
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-100x22.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-1024x228.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-1200x267.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-150x33.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-1536x342.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-660x147.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover-768x171.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-content/uploads/2023/05/workmax-hover.png
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/css/dist/block-library/style.min.css?ver=61d6c8f4cfb4a67a
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/js/comment-reply.min.js?ver=61d6c8f4cfb4a67a5b525ccfe7264
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-json/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.foundationsoft.com%2F
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.foundationsoft.com%2F&
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/wp-json/wp/v2/pages/6
Source: chromecache_614.2.dr	String found in binary or memory: https://www.foundationsoft.com/xmlrpc.php
Source: chromecache_785.2.dr	String found in binary or memory: https://www.gnu.org/licenses/gpl-2.0.html
Source: chromecache_749.2.dr, chromecache_810.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_983.2.dr, chromecache_638.2.dr	String found in binary or memory: https://www.google.com/pagead/1p-user-list/1072600148/?random
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_709.2.dr, chromecache_718.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_570.2.dr, chromecache_398.2.dr, chromecache_763.2.dr, chromecache_555.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_749.2.dr, chromecache_393.2.dr, chromecache_810.2.dr, chromecache_570.2.dr, chromecache_763.2.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_654.2.dr, chromecache_639.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_614.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_614.2.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-5L35WSM
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-TXRTDGW4
Source: chromecache_749.2.dr, chromecache_393.2.dr, chromecache_810.2.dr, chromecache_570.2.dr, chromecache_763.2.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__.
Source: chromecache_686.2.dr, chromecache_709.2.dr, chromecache_718.2.dr, chromecache_857.2.dr, chromecache_652.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__en.js
Source: chromecache_415.2.dr	String found in binary or memory: https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Source: chromecache_439.2.dr, chromecache_407.2.dr, chromecache_819.2.dr	String found in binary or memory: https://www.huntress.com
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://www.huntress.com/
Source: chromecache_439.2.dr, chromecache_407.2.dr, chromecache_819.2.dr	String found in binary or memory: https://www.huntress.com/blog-categories
Source: chromecache_439.2.dr, chromecache_407.2.dr, chromecache_611.2.dr, chromecache_819.2.dr, chromecache_598.2.dr	String found in binary or memory: https://www.huntress.com/blog-categories/response-to-incidents
Source: chromecache_1004.2.dr, chromecache_397.2.dr, chromecache_386.2.dr, chromecache_624.2.dr, chromecache_407.2.dr, chromecache_617.2.dr, chromecache_834.2.dr, chromecache_819.2.dr, chromecache_754.2.dr, chromecache_935.2.dr, chromecache_967.2.dr, chromecache_406.2.dr, chromecache_886.2.dr, chromecache_894.2.dr	String found in binary or memory: https://www.huntress.com/blog/
Source: chromecache_440.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authenticati
Source: chromecache_415.2.dr	String found in binary or memory: https://www.huntress.com/blog/another-papercut-cve-2023-39143-remote-code-execution
Source: chromecache_452.2.dr, chromecache_894.2.dr	String found in binary or memory: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software
Source: chromecache_575.2.dr, chromecache_734.2.dr	String found in binary or memory: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?
Source: chromecache_1004.2.dr, chromecache_967.2.dr	String found in binary or memory: https://www.huntress.com/blog/critical-vulnerabilities-ws-ftp-exploitation
Source: chromecache_608.2.dr	String found in binary or memory: https://www.huntress.com/blog/critical-vulnerability-exploitation-of-apache-activemq-cve-2023-46604
Source: chromecache_880.2.dr, chromecache_440.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/blog/how-to-know-if-your-screenconnect-server-is-hacked
Source: chromecache_1000.2.dr	String found in binary or memory: https://www.huntress.com/blog/investigating-unauthorized-access-huntress-qa-environment-incident
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Source: chromecache_507.2.dr	String found in binary or memory: https://www.huntress.com/blog/move-it-on-over-reflecting-on-the-moveit-exploitation
Source: chromecache_397.2.dr	String found in binary or memory: https://www.huntress.com/blog/qakbot-malware-takedown-and-defending-forward
Source: chromecache_892.2.dr	String found in binary or memory: https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers
Source: chromecache_605.2.dr	String found in binary or memory: https://www.huntress.com/blog/rapid-response-trickboot
Source: chromecache_440.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-170
Source: chromecache_440.2.dr	String found in binary or memory: https://www.huntress.com/blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained
Source: chromecache_541.2.dr	String found in binary or memory: https://www.huntress.com/blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained-2
Source: chromecache_480.2.dr	String found in binary or memory: https://www.huntress.com/blog/threat-advisory-hackers-are-selling-access-to-msps
Source: chromecache_485.2.dr, chromecache_387.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_440.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
Source: chromecache_429.2.dr, chromecache_780.2.dr	String found in binary or memory: https://www.huntress.com/cookie-policy
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://www.huntress.com/huntress-saved-my-ass?metadata_cid=1507288&utm_campaign=ToFu%20-%20Save
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr, chromecache_889.2.dr	String found in binary or memory: https://www.huntress.com/neighborhood-watch-program/internal-license-request
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://www.huntress.com/privacy-policy
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://www.huntress.com/resources/ama-breaking-down-the-connectwise-screenconnect-vulnerability-cve
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.huntress.com/resources/incident-response-tabletop-in-a-box
Source: chromecache_541.2.dr, chromecache_440.2.dr, chromecache_624.2.dr, chromecache_617.2.dr, chromecache_754.2.dr, chromecache_889.2.dr	String found in binary or memory: https://www.huntress.com/start-trial
Source: chromecache_614.2.dr	String found in binary or memory: https://www.instagram.com/foundationsoft/
Source: chromecache_507.2.dr	String found in binary or memory: https://www.investopedia.com/terms/l/long-tail.asp
Source: chromecache_614.2.dr	String found in binary or memory: https://www.linkedin.com/company/foundation-software/
Source: chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=
Source: chromecache_507.2.dr	String found in binary or memory: https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Source: chromecache_950.2.dr, chromecache_487.2.dr, chromecache_443.2.dr, chromecache_385.2.dr, chromecache_398.2.dr, chromecache_555.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/software/crewhq/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/software/executivehq/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/software/hrhq/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/software/projecthq/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.myhqsuite.com/software/safetyhq/
Source: chromecache_415.2.dr	String found in binary or memory: https://www.papercut.com/kb/Main/securitybulletinjuly2023/
Source: chromecache_614.2.dr	String found in binary or memory: https://www.payroll4construction.com
Source: chromecache_614.2.dr	String found in binary or memory: https://www.payroll4construction.com/
Source: chromecache_507.2.dr	String found in binary or memory: https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-are-adapting-post-macro-world
Source: chromecache_608.2.dr	String found in binary or memory: https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-4
Source: chromecache_415.2.dr	String found in binary or memory: https://www.reddit.com/r/msp/comments/15iwjez/papercut_patch_party_cve202339143/
Source: chromecache_632.2.dr, chromecache_892.2.dr	String found in binary or memory: https://www.reddit.com/r/msp/comments/lwmo5c/mass_exploitation_of_onprem_exchange_servers/
Source: chromecache_736.2.dr, chromecache_406.2.dr	String found in binary or memory: https://www.reddit.com/r/msp/comments/v0tuvs/ms_office_vuln_polite_warning_about_nearterm/
Source: chromecache_574.2.dr, chromecache_490.2.dr	String found in binary or memory: https://www.redditstatic.com/ads/8d515a58/pixel.js
Source: chromecache_570.2.dr	String found in binary or memory: https://www.redditstatic.com/ads/pixel.js
Source: chromecache_507.2.dr	String found in binary or memory: https://www.reuters.com/technology/who-is-behind-sweeping-moveit-hack-2023-06-27/
Source: chromecache_507.2.dr	String found in binary or memory: https://www.secureworks.com/blog/clop-ransomware-leak-site-shows-increased-activity
Source: chromecache_485.2.dr, chromecache_754.2.dr	String found in binary or memory: https://www.securityweek.com/slashandgrab-screenconnect-vulnerability-widely-exploited-for-malware-d
Source: chromecache_507.2.dr	String found in binary or memory: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/20-years-of-macro-m
Source: chromecache_507.2.dr	String found in binary or memory: https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysi
Source: chromecache_605.2.dr	String found in binary or memory: https://www.virusbulletin.com/uploads/pdf/conference_slides/2017/Kapoor-VB2017-have-you-scanned-your
Source: chromecache_428.2.dr	String found in binary or memory: https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY
Source: chromecache_749.2.dr, chromecache_810.2.dr, chromecache_443.2.dr, chromecache_570.2.dr, chromecache_398.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: chromecache_605.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=P3yMXspLzoY
Source: chromecache_605.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=QDSlWa9xQuA
Source: chromecache_665.2.dr, chromecache_1000.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=WRnXzHfpMWs&t=3037s
Source: chromecache_605.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=dpG97TBR3Ys
Source: chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	String found in binary or memory: https://www.youtube.com/watch?v=tUhu1c8ulLE
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://www.zoom.us
Source: chromecache_837.2.dr, chromecache_452.2.dr	String found in binary or memory: https://x.com/MaxRogers5/status/1834999656201289782
Source: chromecache_614.2.dr	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: chromecache_436.2.dr, chromecache_839.2.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 50726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 51135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 51008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 50980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 51045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 50783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 50931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 51065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50707
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 51033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50716
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown	Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 51225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 51021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 50644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 51201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51205
Source: unknown	Network traffic detected: HTTP traffic on port 50804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 50685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51214
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51212
Source: unknown	Network traffic detected: HTTP traffic on port 50923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50779
Source: unknown	Network traffic detected: HTTP traffic on port 50911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50778
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 51025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown	Network traffic detected: HTTP traffic on port 50943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50787
Source: unknown	Network traffic detected: HTTP traffic on port 51057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50789
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50798
Source: unknown	Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 51245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown	Network traffic detected: HTTP traffic on port 51069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51144
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51147
Source: unknown	Network traffic detected: HTTP traffic on port 51176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51152
Source: unknown	Network traffic detected: HTTP traffic on port 51210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51154
Source: unknown	Network traffic detected: HTTP traffic on port 51061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51158
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51161
Source: unknown	Network traffic detected: HTTP traffic on port 50550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51165
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown	Network traffic detected: HTTP traffic on port 50903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51181
Source: unknown	Network traffic detected: HTTP traffic on port 51073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51185
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51104
Source: unknown	Network traffic detected: HTTP traffic on port 51119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51103
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51118
Source: unknown	Network traffic detected: HTTP traffic on port 50952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 50639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51110
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51115
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51127
Source: unknown	Network traffic detected: HTTP traffic on port 51004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51125
Source: unknown	Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51130
Source: unknown	Network traffic detected: HTTP traffic on port 50964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51133
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51136
Source: unknown	Network traffic detected: HTTP traffic on port 50893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51141
Source: unknown	Network traffic detected: HTTP traffic on port 50799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51187
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51190
Source: unknown	Network traffic detected: HTTP traffic on port 51097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51195
Source: unknown	Network traffic detected: HTTP traffic on port 50542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51194
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51197
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 51044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 51032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 50956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50862
Source: unknown	Network traffic detected: HTTP traffic on port 50864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50878
Source: unknown	Network traffic detected: HTTP traffic on port 51056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50877
Source: unknown	Network traffic detected: HTTP traffic on port 50657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 51020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 50601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 50888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50888
Source: unknown	Network traffic detected: HTTP traffic on port 50555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50884
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 50807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: sslproxydump.pcap, type: PCAP	Matched rule: Detects code from APT wateringhole Author: @dragonthreatlab
Source: sslproxydump.pcap, type: PCAP	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: dropped/chromecache_892, type: DROPPED	Matched rule: Detects code from APT wateringhole Author: @dragonthreatlab
Source: dropped/chromecache_632, type: DROPPED	Matched rule: Detects code from APT wateringhole Author: @dragonthreatlab

Source: sslproxydump.pcap, type: PCAP	Matched rule: apt_c16_win_wateringhole date = 2015/01/11, author = @dragonthreatlab, description = Detects code from APT wateringhole, reference = http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
Source: sslproxydump.pcap, type: PCAP	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: dropped/chromecache_892, type: DROPPED	Matched rule: apt_c16_win_wateringhole date = 2015/01/11, author = @dragonthreatlab, description = Detects code from APT wateringhole, reference = http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
Source: dropped/chromecache_632, type: DROPPED	Matched rule: apt_c16_win_wateringhole date = 2015/01/11, author = @dragonthreatlab, description = Detects code from APT wateringhole, reference = http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html

Source: classification engine

Classification label: mal80.expl.evad.win@23/986@320/100

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,5053550496788528240,1529284334004214173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,5053550496788528240,1529284334004214173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_935.2.dr	Binary or memory string: </script></div><div class="menu-button-mobile w-nav-button" data-ix="mobile-menu-open"><div class="top-line"></div><div class="middle-line"></div><div class="bottom-line"></div></div></div></div></header><section class="content-with-form gated-content-with-form w-condition-invisible"><div class="temp w-condition-invisible">This is some text inside of a div block.</div><img src="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a91_Gated%20glitch%20dektop.webp" loading="lazy" alt="Glitch effect" class="cwf-glitch-01 gated-glitch-desktop"/><div class="w-layout-blockcontainer container-1303 w-condition-invisible w-container"><div class="two-column-layout-wrapper blog-detail-two-column-layout-wrapper"><div><div fs-richtext-sanitize="true" fs-richtext-element="rich-text" class="gated-content w-dyn-bind-empty w-richtext"></div></div></div></div></section><div class="gated-blog-content"><section class="blog-banner-section"><img src="https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png" loading="eager" alt="" class="landing-banner-shape-1 blog-listing-landing-banner-shape-1"/><div class="w-layout-blockcontainer container-width-1143 w-container"><div class="blog-listing-banner-wrapper"><div class="breadcrumb contained"><a href="/" class="breadcrumb-link level-1">Home</a><img src="https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg" loading="lazy" alt="" class="breadcrumb-icon"/><a href="/blog" class="breadcrumb-link level-2">Blog</a><img src="https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg" loading="lazy" alt="" class="breadcrumb-icon"/><div class="breadcrumb-text">Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike</div></div><div class="breadcrumb blog-asset-breadcrumb"><a href="/" class="breadcrumb-link breadcrumb-link-back">January 15, 2022</a></div><div class="landing-banner-heading blog-landing-banner-heading"><h1 class="landing-banner-heading-h1">Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike</h1><div class="attribution-container"><div class="author-container"><div class="author-wrap-text">By: </div><div class="authors-wrapper w-dyn-list"><div fs-cmsnest-collection="authors" fs-cmsnest-element="template-reference" role="list" class="authors-list w-dyn-items"><div role="listitem" class="author-item w-dyn-item"><a href="/authors/team-huntress" class="author-link w-inline-block"><img src="https://cdn.prod.website-files.com/plugins/Basic/assets/placeholder.60f9b1840c.svg" loading="lazy" width="40" height="40" alt="" class="author-profile w-dyn-bind-empty"/><div class="author-name">Team Huntress</div></a></div></div></div></div><div class="author-divider w-condition-invisible">\|</div><div class="contributor-container"><div class="contributor-wrap-text w-conditio
Source: chromecache_935.2.dr	Binary or memory string: "name": "Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike"
Source: chromecache_935.2.dr	Binary or memory string: "@id": "https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike",
Source: chromecache_935.2.dr	Binary or memory string: s important to note that ~34% of the 180 Horizon servers (62) we analyzed were unpatched and internet-facing at the time of this publication. the web shells on these 18 compromised systems established a timeline that started on December 25, 2021 and continued until December 29, 2021.</p><h4>New Behavior</h4><p>On January 14 at 1458 ET, an unrelated Managed Antivirus detection (Microsoft Defender) tipped our ThreatOps team to new exploitation of the Log4Shell vulnerability in VMware Horizon. This time it was used to deliver the Cobalt Strike implant. </p><p>Additional security researchers including <a href="https://twitter.com/TheDFIRReport/status/1482078434327244805?s=20">TheDFIRReport</a> and <a href="https://twitter.com/redcanary/status/1482100290698375169?s=20">Red Canary</a> reported similar behavior around the same time
Source: chromecache_935.2.dr	Binary or memory string: link.href='https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike';
Source: chromecache_935.2.dr	Binary or memory string: <!DOCTYPE html><!-- Last Published: Thu Sep 19 2024 22:43:52 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="www.huntress.com" data-wf-page="65f3299e49a461b4b9c729ba" data-wf-site="6579dd0b5f9a54376d296915" lang="en" data-wf-collection="65f3299e49a461b4b9c728ba" data-wf-item-slug="cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike"><head><meta charset="utf-8"/><title>VMware Horizon Servers Actively Being Hit With Cobalt Strike \| Huntress</title><meta content="Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more." name="description"/><meta content="VMware Horizon Servers Actively Being Hit With Cobalt Strike \| Huntress" property="og:title"/><meta content="Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more." property="og:description"/><meta content="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65810506f631f9d85cb799a9_Threat%20Advisory-%20VMware%20Horizon%20Servers%20Actively%20Being%20Hit%20With%20Cobalt%20Strike.jpeg" property="og:image"/><meta content="VMware Horizon Servers Actively Being Hit With Cobalt Strike \| Huntress" property="twitter:title"/><meta content="Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more." property="twitter:description"/><meta content="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65810506f631f9d85cb799a9_Threat%20Advisory-%20VMware%20Horizon%20Servers%20Actively%20Being%20Hit%20With%20Cobalt%20Strike.jpeg" property="twitter:image"/><meta property="og:type" content="website"/><meta content="summary_large_image" name="twitter:card"/><meta content="width=device-width, initial-scale=1" name="viewport"/><meta content="QZk47k59WXGOBjZRZodH6wC5rKaX9MnmeBFsV5jchE4" name="google-site-verification"/><link href="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css" rel="stylesheet" type="text/css"/><script type="text/javascript">!function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o\|\|o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);</script><link href="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png" rel="shortcut icon" type="image/x-icon"/><link href="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6603101ade570b07f0fb6625_android-chrome-256x256.png" rel="apple-touch-icon"/><link href="rss.xml" rel="alternate" title="RSS Feed" type="application/rss+xml"/><script src="https://www.google.com/recaptcha/api.js" type="text/javascript"></script><!-- Google Tag Manager -->
Source: chromecache_935.2.dr	Binary or memory string: s <a href="https://kb.vmware.com/sfc/servlet.shepherd/version/download/0685G00000e9d3cQAA">Horizon Mitigation tool</a> to report whether there is a vulnerable Log4J library or child_process based web shell present under the installation location with the following command: Horizon_Windows_Log4j_Mitigation.bat /verbose</li><li>Manually inspect/assess the files within %ProgramFiles%\VMware\VMware View\Server\appblastgateway\ for the presence of the child_process string <a href="https://i.imgur.com/t5ojfac.png">as pictured here</a>.</li><li>Review historical records for evidence of node.exe or ws_TomcatService.exe spawning abnormal processes to include PowerShell.</li></ul><h4>Mitigation Steps</h4><p>This new wave of coordinated hacking emphasizes the criticality of patching these servers immediately. VMware has <a href="https://kb.vmware.com/s/article/87073">produced detailed guidance</a> to help you address these security vulnerabilities.</p><p>Should you discover a web shell, VMware recommends you
Source: chromecache_935.2.dr	Binary or memory string: soon-to-be-released Process Insights agent to all of the VMware Horizon servers we protect. This new EDR capability is based on an <a href="https://searchitchannel.techtarget.com/news/252495064/Huntress-security-platform-gets-boost-from-Level-Effect-EDR">acquisition we made in early 2021</a> and allows us to proactively detect and respond to non-persistent malicious behavior by giving us the ability to collect detailed information about processes.</p><h4>Initial Access Source</h4><p>Despite mass exploitation of VMware Horizon to deliver web shells, our data suggests today's Cobalt Strike deployments were exploitation of Horizon itself and not the abuse of web shells. This conclusion is largely based on analysis of the PowerShell payload's parent process where web shell abuse spawns from node.exe while exploitation of Log4Shell in Horizon spawns from ws_tomcatservice.exe as pictured.</p><h4>Detection Tips</h4><p>For those of you just learning about the mass exploitation of VMware Horizon servers and the installation of backdoor web shells, you should seriously consider the possibility that your server is compromised if it was unpatched and internet-facing. To help you determine your status, </p><p>we strongly suggest you perform the following actions:</p><ul role="list"><li>Run VMware
Source: chromecache_935.2.dr	Binary or memory string: s National Health Service (NHS) <a href="https://digital.nhs.uk/cyber-alerts/2022/cc-4002">alerted that hackers</a> were actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish persistent access via web shells. These web shells allow unauthenticated attackers to remotely execute commands on your server as NT AUTHORITY\SYSTEM (root privileges). According to Shodan, ~25,000 Horizon servers are currently internet accessible worldwide.</p><p>Our team is continuing to track this activity and this post will be updated with new information as it becomes available.</p><p>Image Source: NHS - <a href="https://digital.nhs.uk/cyber-alerts/2022/cc-4002" target="_blank">https://digital.nhs.uk/cyber-alerts/2022/cc-4002</a></p><p>Based on Huntress
Source: chromecache_935.2.dr	Binary or memory string: const curl = "https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike"
Source: chromecache_935.2.dr	Binary or memory string: link.href= 'https://www.huntress.com/blog/' + 'cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike';

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell decode and execute

Source: Yara match	File source: dropped/chromecache_892, type: DROPPED
Source: Yara match	File source: dropped/chromecache_632, type: DROPPED

Yara detected Powershell download and execute

Source: Yara match	File source: dropped/chromecache_892, type: DROPPED
Source: Yara match	File source: dropped/chromecache_632, type: DROPPED
Source: Yara match	File source: dropped/chromecache_624, type: DROPPED
Source: Yara match	File source: dropped/chromecache_617, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
https://cloud.google.com/contact	0%	URL Reputation	safe
https://static.hotjar.com/c/hotjar-	0%	URL Reputation	safe
https://twitter.com/buffaloverflow/status/1531168929925713923	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359549	0%	Avira URL Cloud	safe
https://static.hotjar.com/c/hotjar-2159185.js?sv=6	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/software/time-material-billing/	0%	Avira URL Cloud	safe
https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets/css/cookie-notice.css?ver=3.4.19	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66abcfee331da80089b29d7e_Huntress%20Logo%20Wide%20Teal.webp	0%	Avira URL Cloud	safe
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a	0%	Avira URL Cloud	safe
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a	0%	Virustotal		Browse
https://twitter.com/buffaloverflow/status/1531168929925713923	0%	Virustotal		Browse
https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522	0%	Virustotal		Browse
http://typekit.com/eulas/000000000000000077359549	0%	Virustotal		Browse
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f2f_AGk0z-NzyeIhzJV	0%	Avira URL Cloud	safe
https://1.1.1.1/	0%	Avira URL Cloud	safe
https://js.zi-scripts.com/unified/v1/master/getSubscriptions	0%	Avira URL Cloud	safe
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC	0%	Avira URL Cloud	safe
https://1.1.1.1/	1%	Virustotal		Browse
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=d984c4dc-26e0-40d5-8240-feb6b3ec02bd&batch_time=1726835405263	0%	Avira URL Cloud	safe
https://www.cyderes.com/events/public/v1/encoded/track/tc/ON	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ffa_BlogHeader-ResponsetoIncidents-BillingSoftware-p-500.jpeg	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/faqs/	0%	Avira URL Cloud	safe
https://metrics.api.drift.com	0%	Avira URL Cloud	safe
https://js.zi-scripts.com/unified/v1/master/getSubscriptions	0%	Virustotal		Browse
https://x.com/MaxRogers5/status/1834999656201289782	0%	Avira URL Cloud	safe
https://metrics.api.drift.com	0%	Virustotal		Browse
https://www.foundationsoft.com/about/philosophy/	0%	Avira URL Cloud	safe
https://www.investopedia.com/terms/l/long-tail.asp	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/meet-our-sales-team/	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.foundationsoft.com%2F	0%	Avira URL Cloud	safe
https://www.investopedia.com/terms/l/long-tail.asp	0%	Virustotal		Browse
http://typekit.com/eulas/000000000000000077359558	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/get-more/	0%	Avira URL Cloud	safe
https://rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css	0%	Avira URL Cloud	safe
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835397496&i=gtm&dwt=11&ive=blur	0%	Avira URL Cloud	safe
https://www.darkreading.com/threat-intelligence/like-the-energizer-bunny-trickbot-goes-on-and-on-/d/	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/software/job-costing/	0%	Avira URL Cloud	safe
https://www.youtube.com/watch?v=tUhu1c8ulLE	0%	Avira URL Cloud	safe
http://typekit.com/eulas/00000000000000007735954e	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359558	0%	Virustotal		Browse
https://www.foundationsoft.com/meet-our-sales-team/	0%	Virustotal		Browse
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yBEfx9g2KQU_7gC1nQg6KooRMNo04vFs1ifPF6jT0n6r4w0SZAd9fd5olhmUACBtCzTKgcB4_cTsAwdFPOcqi1EKiAeOCNkiYXMbTYFUgVNlXkA_YNsqmR84gUmAr0CZKGM0HE7qSitXg4ZgvI.png	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359562	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359564	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg	0%	Avira URL Cloud	safe
https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f1d_BlogHeader-Rapi	0%	Avira URL Cloud	safe
https://tags.srv.stackadapt.com/js_tracking?url=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents&uid=yZKscIIzalsoNin7qAYxQw&v=1&host=https%3A%2F%2Fwww.huntress.com&l_src=&l_src_d=&u_src=hs_email&u_src_d=2024-09-20T12%3A29%3A14.958Z&shop=false	0%	Avira URL Cloud	safe
https://github.com/cssinjs/jss	0%	Avira URL Cloud	safe
https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8.js	0%	Avira URL Cloud	safe
https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js	0%	Virustotal		Browse
https://www.cve.org/CVERecord?id=CVE-2023-42657	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65bd3bf02edc81af0185ab74_Fireside%20Logo%20(1).svg	0%	Avira URL Cloud	safe
https://www.huntress.com/blog/threat-advisory-xmrig-crypto-mining-by-way-of-teamviewer	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-content/uploads/2021/07/2021-07_FOUNDATION-MK_HomePage-Tab2-Payrol	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg	0%	Virustotal		Browse
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%2	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359562	0%	Virustotal		Browse
https://www.foundationsoft.com/#breadcrumb	0%	Avira URL Cloud	safe
https://px.ads.linkedin.com/collect/?pid=4456305&fmt=gif	0%	Avira URL Cloud	safe
http://typekit.com/eulas/00000000000000007735955e	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/software/general-ledger/	0%	Avira URL Cloud	safe
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=bd05430c-2709-403b-aa3b-e517f155528a&batch_time=1726835350863	0%	Avira URL Cloud	safe
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=c7fcd094-2d10-451f-be05-81f3fb345fa6&batch_time=1726835371887	0%	Avira URL Cloud	safe
https://customer.api.drift.com	0%	Avira URL Cloud	safe
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/20-years-of-macro-m	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-content/themes/pro/cornerstone/assets/js/site/cs-sliders.7.5.7.js?ver=7.5.7	0%	Avira URL Cloud	safe
https://hello.foundationsoft.com/js/piUtils.js?ver=2021-09-20	0%	Avira URL Cloud	safe
https://twitter.com/Intel_by_KELA/status/1551892789499142145?ref_src=twsrc%5Etfw	0%	Avira URL Cloud	safe
http://typekit.com/eulas/000000000000000077359577	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/software/fixed-assets/	0%	Avira URL Cloud	safe
https://huntress.io/	0%	Avira URL Cloud	safe
https://use.typekit.net/af/98e3f6/000000000000000077359562/30/	0%	Avira URL Cloud	safe
https://workmax.com/	0%	Avira URL Cloud	safe
https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6644f7e1e53239ee83da1446_soc%20(1).webp	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.css	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-32x32.png	0%	Avira URL Cloud	safe
https://censys.com/cve-2023-40044/	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65bd01d41aac1d9f234e41ca_Managed%20EDR%203.svg	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/support/	0%	Avira URL Cloud	safe
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=d9e469ba-500c-4bdf-b100-1748b29425e1&batch_time=1726835396506	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/660da63009a196dfeb26efb4_Testimonial_CascadeTechnologies_Small.jpg	0%	Avira URL Cloud	safe
http://45.32.120	0%	Avira URL Cloud	safe
https://platform.twitter.com/widgets.js	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api.js	0%	Avira URL Cloud	safe
https://www.foundationsoft.com/partners/	0%	Avira URL Cloud	safe
https://www.virusbulletin.com/uploads/pdf/conference_slides/2017/Kapoor-VB2017-have-you-scanned-your	0%	Avira URL Cloud	safe
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fc_image%2520(3).p	0%	Avira URL Cloud	safe
https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents&rl=&if=false&ts=1726835414100&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835410840&coo=false&rqm=GET	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js	0%	Avira URL Cloud	safe
https://github.com/francoischalifour/medium-zoom	0%	Avira URL Cloud	safe
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835375916&i=gtm&dwt=8&ive=blur	0%	Avira URL Cloud	safe
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65dd200bc8571c720dc43767_Huntress-SlashA	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.1.229	true	false	unknown
forms.hubspot.com	104.16.118.116	true	false	unknown
pacman-content-live.live.eks.hotjar.com	52.17.245.154	true	false	unknown
ee15ba61-wschat-wschatalb-6fcf-2062696737.us-east-1.elb.amazonaws.com	44.199.117.35	true	false	unknown
cta-service-cms2.hubspot.com	104.16.118.116	true	false	unknown
platform.twitter.map.fastly.net	199.232.188.157	true	false	unknown
stats.g.doubleclick.net	173.194.76.154	true	false	unknown
t.co	172.66.0.227	true	false	unknown
track.hubspot.com	104.16.118.116	true	false	unknown
forms.hscollectedforms.net	104.16.109.254	true	false	unknown
js.hs-scripts.com	104.16.139.209	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
tracking.g2crowd.com	104.18.31.176	true	false	unknown
q.quora.com	52.4.97.148	true	false	unknown
static-cdn.hotjar.com	18.245.175.46	true	false	unknown
js.hs-banner.com	172.64.147.16	true	false	unknown
star-mini.c10r.facebook.com	157.240.0.35	true	false	unknown
webhooks.fivetran.com	34.159.227.151	true	false	unknown
google.com	142.250.186.78	true	false	unknown
s.twitter.com	104.244.42.3	true	false	unknown
github.com	140.82.121.3	true	false	unknown
api-w-ssh-1606603881.us-east-1.elb.amazonaws.com	34.232.185.209	true	false	unknown
js.hsadspixel.net	104.17.128.172	true	false	unknown
dualstack.reddit.map.fastly.net	151.101.193.140	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
reddit.map.fastly.net	151.101.193.140	true	false	unknown
googleads.g.doubleclick.net	142.250.185.130	true	false	unknown
rc-widget-frame.js.driftt.com	18.66.147.49	true	false	unknown
api.hubapi.com	104.18.242.108	true	false	unknown
ibc-flow.techtarget.com	34.111.208.231	true	false	unknown
td.doubleclick.net	142.250.186.34	true	false	unknown
t.huntress.com	75.2.75.154	true	false	unknown
forpci94.actonsoftware.com	207.189.124.24	true	false	unknown
wsky-live.live.eks.hotjar.com	52.51.32.149	true	false	unknown
d2unjxrejkh6j9.cloudfront.net	13.35.58.39	true	false	unknown
forms.hsforms.com	104.19.175.188	true	false	unknown
js.zi-scripts.com	104.18.37.212	true	false	unknown
afe79c04fd8464db69f453355c110684-6aa967fe209738b1.elb.us-east-1.amazonaws.com	34.193.113.164	true	false	unknown
pixel.byspotify.com	34.117.162.98	true	false	unknown
js.hs-analytics.net	104.17.175.201	true	false	unknown
github.githubassets.com	185.199.108.154	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
proxy-ssl-geo.webflow.com	63.35.51.142	true	false	unknown
dl7g9llrghqi1.cloudfront.net	18.172.112.67	true	false	unknown
scontent.xx.fbcdn.net	157.240.0.6	true	false	unknown
script.hotjar.com	13.32.27.21	true	false	unknown
browser-intake-datadoghq.com	3.233.158.25	true	false	unknown
edge-web.dual-gslb.spotify.com	35.186.224.24	true	false	unknown
pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com	3.215.172.219	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
cname.vercel-dns.com	76.76.21.123	true	false	unknown
static.huntresscdn.com	172.67.68.218	true	false	unknown
ws.zoominfo.com	104.16.117.43	true	false	unknown
js.hubspot.com	104.16.117.116	true	false	unknown
ax-0001.ax-msedge.net	150.171.27.10	true	false	unknown
d3nidttaq34fka.cloudfront.net	3.165.136.96	true	false	unknown
d3e54v103j8qbb.cloudfront.net	52.222.232.47	true	false	unknown
js.hsleadflows.net	104.18.141.17	true	false	unknown
k8s-mutiny-privatea-b7eaf9f835-63806838.us-east-1.elb.amazonaws.com	34.197.49.91	true	false	unknown
www.datadoghq-browser-agent.com	13.33.219.205	true	false	unknown
cdn.prod.website-files.com	104.18.160.117	true	false	unknown
analytics.google.com	142.250.186.78	true	false	unknown
d3g1ftmock1oxn.cloudfront.net	18.245.46.122	true	false	unknown
tags.srv.stackadapt.com	3.74.18.239	true	false	unknown
group27.sites.hscoscdn20.net	199.60.103.2	true	false	unknown
perf-na1.hsforms.com	104.18.80.204	true	false	unknown
ib.anycast.adnxs.com	37.252.171.21	true	false	unknown
js.hscollectedforms.net	104.16.108.254	true	false	unknown
foundationsoft.com	35.238.6.145	true	false	unknown
alb.reddit.com	unknown	unknown	false	unknown
static.ads-twitter.com	unknown	unknown	false	unknown
gist.github.com	unknown	unknown	false	unknown
cdn.neverbounce.com	unknown	unknown	false	unknown
metrics.api.drift.com	unknown	unknown	false	unknown
www.huntress.com	unknown	unknown	false	unknown
secure.adnxs.com	unknown	unknown	false	unknown
www.foundationsoft.com	unknown	unknown	false	unknown
js.driftt.com	unknown	unknown	false	unknown
static.hotjar.com	unknown	unknown	false	unknown
pixels.spotify.com	unknown	unknown	false	unknown
j.6sc.co	unknown	unknown	false	unknown
206.23.85.13.in-addr.arpa	unknown	unknown	false	unknown
ws.hotjar.com	unknown	unknown	false	unknown
secure.main5poem.com	unknown	unknown	false	unknown
conversation.api.drift.com	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	unknown
www.redditstatic.com	unknown	unknown	false	unknown
c.6sc.co	unknown	unknown	false	unknown
info.foundationsoft.com	unknown	unknown	false	unknown
connect.facebook.net	unknown	unknown	false	unknown
px.ads.linkedin.com	unknown	unknown	false	unknown
p.typekit.net	unknown	unknown	false	unknown
bootstrap.api.drift.com	unknown	unknown	false	unknown
tools.refokus.com	unknown	unknown	false	unknown
ipv6.6sc.co	unknown	unknown	false	unknown
cdn.schemaapp.com	unknown	unknown	false	unknown
a.quora.com	unknown	unknown	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown
api.neverbounce.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://static.hotjar.com/c/hotjar-2159185.js?sv=6	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets/css/cookie-notice.css?ver=3.4.19	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66abcfee331da80089b29d7e_Huntress%20Logo%20Wide%20Teal.webp	false	Avira URL Cloud: safe	unknown
https://js.zi-scripts.com/unified/v1/master/getSubscriptions	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC	false	Avira URL Cloud: safe	unknown
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email	false	Avira URL Cloud: safe	unknown
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=d984c4dc-26e0-40d5-8240-feb6b3ec02bd&batch_time=1726835405263	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296ffa_BlogHeader-ResponsetoIncidents-BillingSoftware-p-500.jpeg	false	Avira URL Cloud: safe	unknown
https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04	false		unknown
https://rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css	false	Avira URL Cloud: safe	unknown
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835397496&i=gtm&dwt=11&ive=blur	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yBEfx9g2KQU_7gC1nQg6KooRMNo04vFs1ifPF6jT0n6r4w0SZAd9fd5olhmUACBtCzTKgcB4_cTsAwdFPOcqi1EKiAeOCNkiYXMbTYFUgVNlXkA_YNsqmR84gUmAr0CZKGM0HE7qSitXg4ZgvI.png	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://tags.srv.stackadapt.com/js_tracking?url=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents&uid=yZKscIIzalsoNin7qAYxQw&v=1&host=https%3A%2F%2Fwww.huntress.com&l_src=&l_src_d=&u_src=hs_email&u_src_d=2024-09-20T12%3A29%3A14.958Z&shop=false	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65bd3bf02edc81af0185ab74_Fireside%20Logo%20(1).svg	false	Avira URL Cloud: safe	unknown
https://www.huntress.com/blog/threat-advisory-xmrig-crypto-mining-by-way-of-teamviewer	true	Avira URL Cloud: safe	unknown
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=bd05430c-2709-403b-aa3b-e517f155528a&batch_time=1726835350863	false	Avira URL Cloud: safe	unknown
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=c7fcd094-2d10-451f-be05-81f3fb345fa6&batch_time=1726835371887	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/wp-content/themes/pro/cornerstone/assets/js/site/cs-sliders.7.5.7.js?ver=7.5.7	false	Avira URL Cloud: safe	unknown
https://hello.foundationsoft.com/js/piUtils.js?ver=2021-09-20	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6644f7e1e53239ee83da1446_soc%20(1).webp	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.css	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/wp-content/uploads/2021/05/cropped-chevron-icon-32x32.png	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65bd01d41aac1d9f234e41ca_Managed%20EDR%203.svg	false	Avira URL Cloud: safe	unknown
https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A5.27.0%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Ahuntress.com&dd-api-key=pub66bcc27a4e8914137e6493224fb92edb&dd-evp-origin-version=5.27.0&dd-evp-origin=browser&dd-request-id=d9e469ba-500c-4bdf-b100-1748b29425e1&batch_time=1726835396506	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/660da63009a196dfeb26efb4_Testimonial_CascadeTechnologies_Small.jpg	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api.js	false	Avira URL Cloud: safe	unknown
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents	false	Avira URL Cloud: safe	unknown
https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog-categories%2Fresponse-to-incidents&rl=&if=false&ts=1726835414100&sw=1280&sh=1024&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726835358379.798225651589239556&cs_est=true&ler=empty&cdl=API_unavailable&it=1726835410840&coo=false&rqm=GET	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js	false	Avira URL Cloud: safe	unknown
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?j=1&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcracks-in-the-foundation-intrusions-of-foundation-accounting-software%3Futm_campaign%3DCYDERES%2520EMDR%2520Intelligence%2520Digest%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I%26_hsmi%3D325473246%26utm_content%3D325473246%26utm_source%3Dhs_email&tag=DwellTime&ts=1726835375916&i=gtm&dwt=8&ive=blur	false	Avira URL Cloud: safe	unknown
https://t.co/i/adsct?bci=3&eci=2&event_id=b1bcdb4a-20c4-4018-8f69-9ae3e4c1e79e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=66ca7fd3-6b8c-4e97-9b70-221f6b4586bd&tw_document_href=https%3A%2F%2Fwww.foundationsoft.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzica&type=javascript&version=2.3.30	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296fe7_BlogHeader-ResponsetoIncidents-log4j-p-500.jpeg	false	Avira URL Cloud: safe	unknown
https://pixel.byspotify.com/ping.min.js	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6644f8e69bff560c4991106c_bullhorn%20(1).webp	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296e6e_Blog-CYOA-p-500.jpeg	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522	chromecache_436.2.dr, chromecache_839.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://twitter.com/buffaloverflow/status/1531168929925713923	chromecache_736.2.dr, chromecache_406.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000077359549	chromecache_818.2.dr, chromecache_872.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/time-material-billing/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_654.2.dr, chromecache_639.2.dr	false	URL Reputation: safe	unknown
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a	chromecache_828.2.dr, chromecache_480.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f2f_AGk0z-NzyeIhzJV	chromecache_736.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://1.1.1.1/	chromecache_436.2.dr, chromecache_839.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.cyderes.com/events/public/v1/encoded/track/tc/ON	chromecache_511.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/faqs/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://metrics.api.drift.com	chromecache_633.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://x.com/MaxRogers5/status/1834999656201289782	chromecache_837.2.dr, chromecache_452.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/about/philosophy/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.investopedia.com/terms/l/long-tail.asp	chromecache_507.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/wp-content/plugins/branda-white-labeling/inc/modules/front-end/assets	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/meet-our-sales-team/	chromecache_614.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	false	URL Reputation: safe	unknown
https://www.foundationsoft.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.foundationsoft.com%2F	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000077359558	chromecache_818.2.dr, chromecache_872.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/get-more/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.darkreading.com/threat-intelligence/like-the-energizer-bunny-trickbot-goes-on-and-on-/d/	chromecache_605.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/job-costing/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/watch?v=tUhu1c8ulLE	chromecache_387.2.dr, chromecache_541.2.dr, chromecache_440.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/00000000000000007735954e	chromecache_818.2.dr, chromecache_872.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000077359562	chromecache_818.2.dr, chromecache_872.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000077359564	chromecache_818.2.dr, chromecache_872.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296f1d_BlogHeader-Rapi	chromecache_736.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/cssinjs/jss	chromecache_600.2.dr, chromecache_940.2.dr	false	Avira URL Cloud: safe	unknown
https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8.js	chromecache_428.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cve.org/CVERecord?id=CVE-2023-42657	chromecache_1004.2.dr, chromecache_967.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/wp-content/uploads/2021/07/2021-07_FOUNDATION-MK_HomePage-Tab2-Payrol	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%2	chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/#breadcrumb	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://px.ads.linkedin.com/collect/?pid=4456305&fmt=gif	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/00000000000000007735955e	chromecache_818.2.dr, chromecache_872.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/general-ledger/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://customer.api.drift.com	chromecache_633.2.dr	false	Avira URL Cloud: safe	unknown
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/20-years-of-macro-m	chromecache_507.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/Intel_by_KELA/status/1551892789499142145?ref_src=twsrc%5Etfw	chromecache_828.2.dr, chromecache_480.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000077359577	chromecache_818.2.dr, chromecache_872.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/fixed-assets/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://huntress.io/	chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_439.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/98e3f6/000000000000000077359562/30/	chromecache_818.2.dr, chromecache_872.2.dr	false	Avira URL Cloud: safe	unknown
https://workmax.com/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089	chromecache_736.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://censys.com/cve-2023-40044/	chromecache_1004.2.dr, chromecache_967.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/support/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://cloud.google.com/contact	chromecache_878.2.dr, chromecache_713.2.dr, chromecache_435.2.dr, chromecache_451.2.dr, chromecache_938.2.dr	false	URL Reputation: safe	unknown
http://45.32.120	chromecache_608.2.dr	false	Avira URL Cloud: safe	unknown
https://platform.twitter.com/widgets.js	chromecache_828.2.dr, chromecache_480.2.dr, chromecache_1004.2.dr, chromecache_967.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/partners/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.virusbulletin.com/uploads/pdf/conference_slides/2017/Kapoor-VB2017-have-you-scanned-your	chromecache_605.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970fc_image%2520(3).p	chromecache_632.2.dr, chromecache_892.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/francoischalifour/medium-zoom	chromecache_607.2.dr, chromecache_742.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65dd200bc8571c720dc43767_Huntress-SlashA	chromecache_387.2.dr, chromecache_541.2.dr	false	Avira URL Cloud: safe	unknown
https://www.myhqsuite.com/software/crewhq/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/learning/dns/what-is-dns	chromecache_436.2.dr, chromecache_839.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/consolidated-general-ledger/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://static.hotjar.com/c/hotjar-	chromecache_749.2.dr, chromecache_810.2.dr	false	URL Reputation: safe	unknown
https://www.linkedin.com/shareArticle?mini=true&url=	chromecache_605.2.dr, chromecache_828.2.dr, chromecache_837.2.dr, chromecache_665.2.dr, chromecache_485.2.dr, chromecache_415.2.dr, chromecache_608.2.dr, chromecache_736.2.dr, chromecache_428.2.dr, chromecache_1000.2.dr, chromecache_507.2.dr, chromecache_480.2.dr, chromecache_387.2.dr, chromecache_632.2.dr, chromecache_541.2.dr, chromecache_880.2.dr, chromecache_892.2.dr, chromecache_440.2.dr, chromecache_452.2.dr, chromecache_1004.2.dr, chromecache_397.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/65d55879cb2af12170f04f97_Es0JkQJKuG-5Dji	chromecache_428.2.dr	false	Avira URL Cloud: safe	unknown
https://www.foundationsoft.com/software/mobile/	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.172.112.125	unknown	United States	3	MIT-GATEWAYSUS	false
34.197.49.91	k8s-mutiny-privatea-b7eaf9f835-63806838.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
104.18.161.117	unknown	United States	13335	CLOUDFLARENETUS	false
18.245.46.122	d3g1ftmock1oxn.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.185.100	unknown	United States	15169	GOOGLEUS	false
104.16.139.209	js.hs-scripts.com	United States	13335	CLOUDFLARENETUS	false
104.16.118.116	forms.hubspot.com	United States	13335	CLOUDFLARENETUS	false
151.101.193.140	dualstack.reddit.map.fastly.net	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
75.2.75.154	t.huntress.com	United States	16509	AMAZON-02US	false
157.240.252.13	unknown	United States	32934	FACEBOOKUS	false
18.164.52.95	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.186.78	google.com	United States	15169	GOOGLEUS	false
157.240.0.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
104.16.137.209	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.30.176	unknown	United States	13335	CLOUDFLARENETUS	false
63.35.51.142	proxy-ssl-geo.webflow.com	United States	16509	AMAZON-02US	false
18.172.112.67	dl7g9llrghqi1.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
104.16.118.43	unknown	United States	13335	CLOUDFLARENETUS	false
13.50.141.112	unknown	United States	16509	AMAZON-02US	true
18.165.122.9	unknown	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.242.108	api.hubapi.com	United States	13335	CLOUDFLARENETUS	false
18.66.147.49	rc-widget-frame.js.driftt.com	United States	3	MIT-GATEWAYSUS	false
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
104.18.139.17	unknown	United States	13335	CLOUDFLARENETUS	false
18.245.175.46	static-cdn.hotjar.com	United States	16509	AMAZON-02US	false
172.67.68.218	static.huntresscdn.com	United States	13335	CLOUDFLARENETUS	false
199.60.103.2	group27.sites.hscoscdn20.net	Canada	23181	QUICKSILVER1CA	false
44.199.117.35	ee15ba61-wschat-wschatalb-6fcf-2062696737.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.215.172.219	pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
157.240.0.6	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
37.252.172.123	unknown	European Union	29990	ASN-APPNEXUS	false
172.64.147.16	js.hs-banner.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
3.74.18.239	tags.srv.stackadapt.com	United States	16509	AMAZON-02US	false
104.18.140.17	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.26.0.173	unknown	United States	13335	CLOUDFLARENETUS	false
13.32.27.21	script.hotjar.com	United States	7018	ATT-INTERNET4US	false
140.82.121.3	github.com	United States	36459	GITHUBUS	false
140.82.121.4	unknown	United States	36459	GITHUBUS	false
52.222.153.146	unknown	United States	16509	AMAZON-02US	false
35.186.224.24	edge-web.dual-gslb.spotify.com	United States	15169	GOOGLEUS	false
150.171.27.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.16.109.254	forms.hscollectedforms.net	United States	13335	CLOUDFLARENETUS	false
142.250.181.228	unknown	United States	15169	GOOGLEUS	false
13.33.219.205	www.datadoghq-browser-agent.com	United States	16509	AMAZON-02US	false
151.101.129.140	unknown	United States	54113	FASTLYUS	false
3.94.218.138	unknown	United States	14618	AMAZON-AESUS	false
34.159.227.151	webhooks.fivetran.com	United States	2686	ATGS-MMD-ASUS	false
104.16.117.116	js.hubspot.com	United States	13335	CLOUDFLARENETUS	false
104.17.223.152	unknown	United States	13335	CLOUDFLARENETUS	false
172.66.0.227	t.co	United States	13335	CLOUDFLARENETUS	false
37.252.171.21	ib.anycast.adnxs.com	European Union	29990	ASN-APPNEXUS	false
3.233.158.24	unknown	United States	14618	AMAZON-AESUS	false
173.194.76.154	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
35.238.6.145	foundationsoft.com	United States	15169	GOOGLEUS	false
104.18.160.117	cdn.prod.website-files.com	United States	13335	CLOUDFLARENETUS	false
3.233.158.25	browser-intake-datadoghq.com	United States	14618	AMAZON-AESUS	false
207.189.124.24	forpci94.actonsoftware.com	United States	393648	ACTON-SOFTWAREUS	false
104.16.117.43	ws.zoominfo.com	United States	13335	CLOUDFLARENETUS	false
54.147.21.139	unknown	United States	14618	AMAZON-AESUS	false
108.138.181.106	unknown	United States	16509	AMAZON-02US	false
13.227.219.86	unknown	United States	16509	AMAZON-02US	false
104.18.40.240	unknown	United States	13335	CLOUDFLARENETUS	false
66.102.1.157	unknown	United States	15169	GOOGLEUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
18.245.46.48	unknown	United States	16509	AMAZON-02US	false
18.165.242.121	unknown	United States	3	MIT-GATEWAYSUS	false
104.17.128.172	js.hsadspixel.net	United States	13335	CLOUDFLARENETUS	false
142.250.186.34	td.doubleclick.net	United States	15169	GOOGLEUS	false
162.159.140.229	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.80.204	perf-na1.hsforms.com	United States	13335	CLOUDFLARENETUS	false
76.76.21.142	unknown	United States	16509	AMAZON-02US	false
34.232.185.209	api-w-ssh-1606603881.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
52.4.97.148	q.quora.com	United States	14618	AMAZON-AESUS	false
52.17.245.154	pacman-content-live.live.eks.hotjar.com	United States	16509	AMAZON-02US	false
104.244.42.131	unknown	United States	13414	TWITTERUS	false
104.17.175.201	js.hs-analytics.net	United States	13335	CLOUDFLARENETUS	false
185.199.108.154	github.githubassets.com	Netherlands	54113	FASTLYUS	false
34.117.162.98	pixel.byspotify.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
199.232.188.157	platform.twitter.map.fastly.net	United States	54113	FASTLYUS	false
104.18.31.176	tracking.g2crowd.com	United States	13335	CLOUDFLARENETUS	false
104.18.141.17	js.hsleadflows.net	United States	13335	CLOUDFLARENETUS	false
104.19.175.188	forms.hsforms.com	United States	13335	CLOUDFLARENETUS	false
104.16.110.254	unknown	United States	13335	CLOUDFLARENETUS	false
52.51.32.149	wsky-live.live.eks.hotjar.com	United States	16509	AMAZON-02US	false
104.18.37.212	js.zi-scripts.com	United States	13335	CLOUDFLARENETUS	false
3.235.70.168	unknown	United States	14618	AMAZON-AESUS	false
34.111.208.231	ibc-flow.techtarget.com	United States	15169	GOOGLEUS	false
150.171.28.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.237.219.119	unknown	United States	14618	AMAZON-AESUS	false
52.222.232.47	d3e54v103j8qbb.cloudfront.net	United States	16509	AMAZON-02US	false
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
76.76.21.123	cname.vercel-dns.com	United States	16509	AMAZON-02US	false
104.16.108.254	js.hscollectedforms.net	United States	13335	CLOUDFLARENETUS	false
34.193.113.164	afe79c04fd8464db69f453355c110684-6aa967fe209738b1.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
18.159.33.125	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1514467
Start date and time:	2024-09-20 14:28:01 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.expl.evad.win@23/986@320/100
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.foundationsoft.com/ Browse: https://www.huntress.com/blog-categories/response-to-incidents

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 172.217.18.110, 64.233.184.84, 34.104.35.123, 151.101.1.91, 151.101.193.91, 151.101.129.91, 151.101.65.91, 104.18.187.31, 104.18.186.31, 142.250.185.99, 142.250.186.104, 142.250.184.202, 172.217.23.106, 142.250.185.202, 142.250.185.106, 142.250.185.74, 142.250.186.170, 142.250.185.138, 142.250.185.234, 142.250.184.234, 216.58.206.74, 216.58.206.42, 142.250.186.138, 216.58.212.138, 142.250.185.170, 142.250.181.234, 142.250.186.42, 2.19.126.135, 2.19.126.143, 162.159.152.17, 162.159.153.247, 95.101.111.156, 95.101.111.184, 172.217.18.3, 104.18.19.71, 104.18.18.71, 13.107.42.14, 4.175.87.197, 142.250.185.72, 216.58.206.67, 199.232.210.172, 142.250.181.227, 172.64.146.215, 104.18.41.41, 192.229.221.95, 13.95.31.18, 13.85.23.206, 52.165.165.26, 142.250.185.168, 2.19.126.206, 2.19.126.198, 142.250.185.110, 172.217.16.202, 172.217.18.10, 172.217.16.138, 142.250.186.106, 51.11.20.152, 2.19.126.219, 2.19.126.211, 95.101.111.187, 172.217.18.14
Excluded domains from analysis (whitelisted): trk.techtarget.com.cdn.cloudflare.net, slscr.update.microsoft.com, clientservices.googleapis.com, a1874.dscg1.akamai.net, l-0005.l-msedge.net, clients2.google.com, ocsp.digicert.com, use-stls.adobe.com.edgesuite.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, www.google-analytics.com, fonts.googleapis.com, v3-eu-appgwv2.uksouth.cloudapp.azure.com, fs.microsoft.com, content-autofill.googleapis.com, ajax.googleapis.com, ghochv3eng.trafficmanager.net, j2.6sc.co.edgekey.net, od.linkedin.edgesuite.net, p.typekit.net-stls-v3.edgesuite.net, www.linkedin.com.cdn.cloudflare.net, edgedl.me.gvt1.com, clients.l.google.com, a1916.dscg2.akamai.net, n.sni.global.fastly.net, cdn.jsdelivr.net.cdn.cloudflare.net, a.quora.com.cdn.cloudflare.net, ipv6-2.6sc.co.edgekey.net, www.googletagmanager.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bat.bing.com, sls.update.microsoft.com, e212585.b.akamaiedge.net, glb.sls.prod.dcat.dsp.trafficm
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (34640)
Category:	dropped
Size (bytes):	144987
Entropy (8bit):	5.286580833833053
Encrypted:	false
SSDEEP:	1536:g4X0FUM6Q14lRWUsH27N6cEDjNwpqw/Ili9EVZvqayHi0oill3zLegbyb:gdG44l/N6cEDGAliiVzill3zjbyb
MD5:	7D93CF26BF8B635BF9F04370FDB618AB
SHA1:	36376820F171C33C9BBB4F6D7D42FEA3D68A24D6
SHA-256:	228A2F1F5CF1493F958E473B3311FBF8614C908FB349A85C487A3EA6E9C01492
SHA-512:	4BB2764DE371E992F15D01808707B5653EC484371F096CCCD070900C94541DC54C4FA4F02BBCE8181729AB4B78F5C9605E61FEBA68FCF2D95C26B391BFB601F6
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html> Last Published: Thu Sep 19 2024 22:43:52 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="www.huntress.com" data-wf-page="65f3299e49a461b4b9c729ba" data-wf-site="6579dd0b5f9a54376d296915" lang="en" data-wf-collection="65f3299e49a461b4b9c728ba" data-wf-item-slug="investigating-unauthorized-access-huntress-qa-environment-incident"><head><meta charset="utf-8"/><title>Investigating Unauthorized Access: Huntress QA Environment Incident \| Huntress</title><meta content="Learn about our investigation regarding unauthorized access to our QA and product testing environment." name="description"/><meta content="Investigating Unauthorized Access: Huntress QA Environment Incident \| Huntress" property="og:title"/><meta content="Learn about our investigation regarding unauthorized access to our QA and product testing environment." property="og:description"/><meta content="https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d296fef_BlogHeader-R

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:02 UTC	1162	OUT	GET /e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04 HTTP/1.1 Host: www.cyderes.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:02 UTC	1119	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:02 GMT Content-Type: text/html;charset=utf-8 Transfer-Encoding: chunked Connection: close CF-Ray: 8c61d1983fe38c0b-EWR CF-Cache-Status: MISS Last-Modified: Fri, 20 Sep 2024 12:29:02 GMT Strict-Transport-Security: max-age=31536000 Vary: origin, Accept-Encoding access-control-allow-credentials: false referrer-policy: no-referrer x-content-type-options: nosniff x-envoy-upstream-service-time: 7 x-evy-trace-listener: listener_https x-evy-trace-route-configuration: listener_https/all x-evy-trace-route-service-name: envoyset-translator x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-56c5b945dc-6hxld x-evy-trace-virtual-host: all x-hubspot-correlation-id: a334209f-d740-492c-ad58-912acfa3d6e8 x-request-id: a334209f-d740-492c-ad58-912acfa3d6e8 x-robots-tag: none Set-Cookie: __cf_bm=KkZwfeAeRB9T3Ybkgxb1ljk89rKhWegExK7sV_biT_0-1726835342-1.0.1.1-ihP7Soyii0PDzt6vpGoSYPfB0PMbdsMPRtae1IWyYeWBRU_sHMhGQIMDu1.2XR6Lhv0v9.S2ib6GUzgGRjIQow; path=/; expires=Fri, 20-Sep-24 12:59:02 GMT; domain=.www.cyderes.com; HttpOnly; Secure; SameSite=None
2024-09-20 12:29:02 UTC	498	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 54 25 32 42 25 32 46 6a 64 41 74 49 32 35 41 5a 4d 30 4d 56 36 67 44 6b 25 32 42 62 34 4e 78 52 4f 44 6c 6e 63 52 35 74 47 4b 71 36 69 79 62 36 72 35 6f 71 63 77 41 36 37 47 76 33 67 32 6a 65 4e 37 76 4f 25 32 46 77 44 31 25 32 46 42 55 56 4d 49 7a 37 32 4b 56 73 4a 61 42 66 6f 36 63 58 6e 70 35 49 48 74 77 37 46 36 4d 6d 58 69 52 79 4d 7a 33 61 25 32 46 68 4e 77 6d 65 33 69 79 57 34 6c 42 79 70 78 68 44 31 38 71 37 68 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2B%2FjdAtI25AZM0MV6gDk%2Bb4NxRODlncR5tGKq6iyb6r5oqcwA67Gv3g2jeN7vO%2FwD1%2FBUVMIz72KVsJaBfo6cXnp5IHtw7F6MmXiRyMz3a%2FhNwme3iyW4lBypxhD18q7hg%3D%3D"}],"group":"cf-nel","max_age
2024-09-20 12:29:02 UTC	1369	IN	Data Raw: 31 66 65 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 0a 66 75 6e 63 74 69 6f 6e 20 62 69 74 5f 73 65 74 28 6e 75 6d 2c 20 62 69 74 29 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 6e 75 6d 20 7c 20 31 20 3c 3c 20 62 69 74 3b 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 69 73 57 65 62 44 72 69 76 65 72 28 29 20 7b 0a 20 20 74 72 79 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6e 61 76 69 67 61 74 6f 72 2e 77 65 62 64 72 69 76 65 72 20 21 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 20 26 26 20 6e 61 76 69 67 61 74 6f 72 Data Ascii: 1fe7<!DOCTYPE html><html lang="en"><head> <meta name="referrer" content="never"> <script>function bit_set(num, bit){ return num \| 1 << bit;}function isWebDriver() { try { return typeof navigator.webdriver != "undefined" && navigator
2024-09-20 12:29:02 UTC	1369	IN	Data Raw: 20 69 73 42 69 67 45 6e 64 69 61 6e 28 29 20 7b 0a 20 20 74 72 79 20 7b 0a 20 20 20 20 76 61 72 20 62 75 66 20 3d 20 6e 65 77 20 41 72 72 61 79 42 75 66 66 65 72 28 34 29 3b 0a 20 20 20 20 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 62 75 66 29 5b 30 5d 20 3d 20 30 78 61 61 30 30 30 30 30 30 3b 0a 20 20 20 20 72 65 74 75 72 6e 20 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 62 75 66 29 5b 30 5d 20 3d 3d 3d 20 30 78 61 61 3b 0a 20 20 7d 20 63 61 74 63 68 28 65 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 20 20 7d 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 67 65 74 42 6f 6f 6c 65 61 6e 41 74 74 72 69 62 75 74 65 73 28 29 20 7b 0a 20 20 76 61 72 20 66 6c 61 67 73 20 3d 20 30 3b 0a 20 20 69 66 20 28 69 73 57 65 62 44 72 69 76 65 72 28 29 Data Ascii: isBigEndian() { try { var buf = new ArrayBuffer(4); new Uint32Array(buf)[0] = 0xaa000000; return new Uint8Array(buf)[0] === 0xaa; } catch(e) { return false; }}function getBooleanAttributes() { var flags = 0; if (isWebDriver()
2024-09-20 12:29:02 UTC	1369	IN	Data Raw: 20 20 72 65 74 75 72 6e 20 5b 5d 3b 0a 20 20 7d 0a 7d 0a 0a 76 61 72 20 50 52 45 5f 4a 53 20 3d 20 22 2d 32 22 3b 0a 76 61 72 20 45 52 52 5f 4a 53 20 3d 20 22 2d 31 22 3b 0a 76 61 72 20 4e 4f 5f 4a 53 20 3d 20 22 30 22 3b 0a 76 61 72 20 53 55 43 43 45 53 53 5f 4a 53 20 3d 20 22 31 22 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 67 65 74 54 61 72 67 65 74 55 52 4c 57 69 74 68 53 74 61 74 65 28 73 74 61 74 65 29 20 7b 0a 20 20 2f 2f 20 64 65 66 61 75 6c 74 20 50 52 45 5f 4a 53 0a 20 20 76 61 72 20 74 61 72 67 65 74 55 52 4c 20 3d 20 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 79 64 65 72 65 73 2e 63 6f 6d 2f 65 76 65 6e 74 73 2f 70 75 62 6c 69 63 2f 76 31 2f 65 6e 63 6f 64 65 64 2f 74 72 61 63 6b 2f 74 63 2f 4f 4e 2b 31 31 33 2f 63 70 57 62 74 30 34 2f 56 58 34 47 4c Data Ascii: return []; }}var PRE_JS = "-2";var ERR_JS = "-1";var NO_JS = "0";var SUCCESS_JS = "1";function getTargetURLWithState(state) { // default PRE_JS var targetURL = "https://www.cyderes.com/events/public/v1/encoded/track/tc/ON+113/cpWbt04/VX4GL
2024-09-20 12:29:02 UTC	1369	IN	Data Raw: 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 38 37 35 72 65 6d 3b 0a 63 6f 6c 6f 72 3a 20 23 33 33 34 37 35 62 3b 0a 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 72 65 6d 3b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 3b 20 7d 0a 68 34 20 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 Data Ascii: Arial, sans-serif;font-weight: 400;font-size: 14px;font-size: 0.875rem;color: #33475b;line-height: 1.5rem;margin-top: 50px; }h4 {font-family: Helvetica, Arial, sans-serif;font-weight: 700;-webkit-font-smoothing: antialiased;-moz-osx-font-smoot
2024-09-20 12:29:02 UTC	1369	IN	Data Raw: 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 67 72 61 79 73 63 61 6c 65 3b 0a 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 31 70 78 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 74 72 61 6e 73 69 74 69 6f 6e 3a 20 61 6c 6c 20 31 35 30 6d 73 20 65 61 73 65 2d 6f 75 74 3b 0a 63 6f 6c 6f 72 3a 20 23 30 30 39 31 61 65 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 20 7d 0a Data Ascii: ans-serif;font-weight: 500;-webkit-font-smoothing: antialiased;-moz-osx-font-smoothing: grayscale;font-smoothing: antialiased;text-shadow: 0 0 1px transparent;transition: all 150ms ease-out;color: #0091ae;text-decoration: none;cursor: pointer; }
2024-09-20 12:29:02 UTC	1330	IN	Data Raw: 36 73 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 37 35 65 6d 7d 2e 75 69 4c 6f 61 64 69 6e 67 44 6f 74 2e 64 6f 74 2d 33 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 2d 2e 33 33 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 2d 2e 33 33 73 7d 2e 75 69 4c 6f 61 64 69 6e 67 44 6f 74 2e 6c 6f 61 64 69 6e 67 2d 62 6c 75 65 7b 63 6f 6c 6f 72 3a 23 30 30 61 34 62 64 7d 2e 75 69 4c 6f 61 64 69 6e 67 44 6f 74 2e 6c 6f 61 64 69 6e 67 2d 6f 72 61 6e 67 65 7b 63 6f 6c 6f 72 3a 23 65 36 36 65 35 30 7d 0a 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 73 2d 2d 6d 6f 64 75 6c 65 20 68 61 73 2d 2d 76 65 72 74 69 63 61 6c 2d 73 70 61 63 69 6e 67 22 20 73 74 79 6c 65 Data Ascii: 6s;margin-right:.75em}.uiLoadingDot.dot-3{-webkit-animation-delay:-.33s;animation-delay:-.33s}.uiLoadingDot.loading-blue{color:#00a4bd}.uiLoadingDot.loading-orange{color:#e66e50}</style></head><body><div class="is--module has--vertical-spacing" style
2024-09-20 12:29:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:02 UTC	1509	OUT	GET /events/public/v1/encoded/track/tc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04?_ud=28cdcd9f-4952-4113-9730-b18c8709f120&_jss=1&_fl=8&_pl=5&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1280,1024 HTTP/1.1 Host: www.cyderes.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=KkZwfeAeRB9T3Ybkgxb1ljk89rKhWegExK7sV_biT_0-1726835342-1.0.1.1-ihP7Soyii0PDzt6vpGoSYPfB0PMbdsMPRtae1IWyYeWBRU_sHMhGQIMDu1.2XR6Lhv0v9.S2ib6GUzgGRjIQow; __cfruid=1e21363c4ffbf205a55d4495409a89a07e4b73c5-1726835342
2024-09-20 12:29:02 UTC	1359	IN	HTTP/1.1 307 Temporary Redirect Date: Fri, 20 Sep 2024 12:29:02 GMT Transfer-Encoding: chunked Connection: close Location: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email CF-Ray: 8c61d1998ea08c81-EWR CF-Cache-Status: MISS Link: <https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email>; rel="canonical" Strict-Transport-Security: max-age=31536000 Vary: origin, Accept-Encoding access-control-allow-credentials: false referrer-policy: no-referrer x-content-type-options: nosniff x-envoy-upstream-service-time: 29 x-evy-trace-listener: listener_https x-evy-trace-route-configuration: listener_https/all x-evy-trace-route-service-name: envoyset-translator x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-56c5b945dc-btq85
2024-09-20 12:29:02 UTC	517	IN	Data Raw: 78 2d 65 76 79 2d 74 72 61 63 65 2d 76 69 72 74 75 61 6c 2d 68 6f 73 74 3a 20 61 6c 6c 0d 0a 78 2d 68 75 62 73 70 6f 74 2d 63 6f 72 72 65 6c 61 74 69 6f 6e 2d 69 64 3a 20 32 38 61 64 31 62 39 65 2d 31 61 61 63 2d 34 31 33 66 2d 39 37 31 34 2d 33 64 35 64 66 38 65 33 66 64 66 66 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 32 38 61 64 31 62 39 65 2d 31 61 61 63 2d 34 31 33 66 2d 39 37 31 34 2d 33 64 35 64 66 38 65 33 66 64 66 66 0d 0a 78 2d 72 6f 62 6f 74 73 2d 74 61 67 3a 20 6e 6f 6e 65 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 4a 61 32 54 46 46 61 77 34 6f Data Ascii: x-evy-trace-virtual-host: allx-hubspot-correlation-id: 28ad1b9e-1aac-413f-9714-3d5df8e3fdffx-request-id: 28ad1b9e-1aac-413f-9714-3d5df8e3fdffx-robots-tag: noneReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ja2TFFaw4o
2024-09-20 12:29:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:03 UTC	975	OUT	GET /blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software?utm_campaign=CYDERES%20EMDR%20Intelligence%20Digest&utm_medium=email&_hsenc=p2ANqtz--fMDgREU9ml-hUt10atczAQ_smi1REpVwMy30bvENGq5guDPGPq7gfYUqjq9A4eUxZ__7AblzbXkpTvvpaVU7yfpb4iT8dJYCZbLNk_mnnTe6Yw_I&_hsmi=325473246&utm_content=325473246&utm_source=hs_email HTTP/1.1 Host: www.huntress.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:05 UTC	569	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:05 GMT Content-Type: text/html Content-Length: 139224 Connection: close content-security-policy: frame-ancestors 'self' https://hub.huntress.com https://huntress-new.webflow.io https://huntress.seismic.com; x-lambda-id: 09758285-3bcb-435e-b616-2312921645f5 Accept-Ranges: bytes Age: 0 X-Served-By: cache-iad-kjyo7100082-IAD, cache-dub4338-DUB X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1726835344.542178,VS0,VE2133 Vary: Accept-Encoding,x-wf-forwarded-proto X-Cluster-Name: eu-west-1-prod-hosting-red
2024-09-20 12:29:05 UTC	15815	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 21 2d 2d 20 4c 61 73 74 20 50 75 62 6c 69 73 68 65 64 3a 20 54 68 75 20 53 65 70 20 31 39 20 32 30 32 34 20 32 32 3a 34 33 3a 35 32 20 47 4d 54 2b 30 30 30 30 20 28 43 6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 29 20 2d 2d 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 77 66 2d 64 6f 6d 61 69 6e 3d 22 77 77 77 2e 68 75 6e 74 72 65 73 73 2e 63 6f 6d 22 20 64 61 74 61 2d 77 66 2d 70 61 67 65 3d 22 36 35 66 33 32 39 39 65 34 39 61 34 36 31 62 34 62 39 63 37 32 39 62 61 22 20 64 61 74 61 2d 77 66 2d 73 69 74 65 3d 22 36 35 37 39 64 64 30 62 35 66 39 61 35 34 33 37 36 64 32 39 36 39 31 35 22 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 77 66 2d 63 6f 6c 6c 65 63 74 69 6f 6e 3d 22 36 35 66 Data Ascii: <!DOCTYPE html>... Last Published: Thu Sep 19 2024 22:43:52 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="www.huntress.com" data-wf-page="65f3299e49a461b4b9c729ba" data-wf-site="6579dd0b5f9a54376d296915" lang="en" data-wf-collection="65f
2024-09-20 12:29:05 UTC	16384	IN	Data Raw: 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 43 6f 75 72 69 65 72 20 4e 65 77 27 2c 43 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 32 41 42 32 36 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 72 65 6d 3b 0a 7d 0a 2e 67 72 61 64 69 65 6e 74 2d 62 6c 75 65 2d 67 72 65 65 6e 2d 32 2e 74 65 73 74 69 6d 6f 6e 69 61 6c 2d 67 72 61 64 69 65 6e 74 2d 62 6c 75 65 2d 67 72 65 65 6e 2c 2e 70 6f 70 2d 75 70 2d 73 6c 69 64 65 2e 73 77 69 70 65 72 2d 73 6c 69 64 65 2d 61 63 74 69 76 65 2c 2e 70 6f 70 2d 75 70 2d 73 6c 69 64 65 2e 73 77 69 70 65 72 2d 73 6c 69 64 65 2d 64 75 70 6c 69 63 61 74 65 2d 61 63 74 69 76 65 7b 0a 20 20 20 20 68 65 69 67 68 74 3a 31 Data Ascii: font-family:'Courier New',Courier,monospace; color: #F2AB26; font-weight:700; font-size: 1rem;}.gradient-blue-green-2.testimonial-gradient-blue-green,.pop-up-slide.swiper-slide-active,.pop-up-slide.swiper-slide-duplicate-active{ height:1
2024-09-20 12:29:05 UTC	16384	IN	Data Raw: 76 69 67 61 74 69 6f 6e 2d 77 72 61 70 70 65 72 2d 74 6f 70 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 75 6e 74 72 65 73 73 2e 69 6f 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 63 6c 61 73 73 3d 22 74 6f 70 2d 62 61 72 2d 6c 69 6e 6b 73 22 3e 50 61 72 74 6e 65 72 20 4c 6f 67 69 6e 3c 2f 61 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 61 72 63 68 2d 63 6f 6e 74 61 69 6e 65 72 20 6e 61 76 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 70 61 6e 20 73 65 61 72 63 68 22 3e 53 65 61 72 63 68 3c 2f 73 70 61 6e 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 73 65 61 72 63 68 22 20 64 61 74 61 2d 77 2d 69 64 3d 22 37 63 37 61 39 62 63 31 2d 62 30 32 33 2d 61 31 39 35 2d 64 39 37 33 2d 36 62 65 35 30 31 36 38 35 66 61 35 22 20 63 6c Data Ascii: vigation-wrapper-top"><a href="https://huntress.io/" target="_blank" class="top-bar-links">Partner Login</a><div class="search-container nav"><span class="span search">Search</span><form action="/search" data-w-id="7c7a9bc1-b023-a195-d973-6be501685fa5" cl
2024-09-20 12:29:05 UTC	16384	IN	Data Raw: 62 6d 65 6e 75 2d 74 65 78 74 2d 62 6c 6f 63 6b 20 66 69 72 73 74 22 3e 57 68 6f 20 57 65 20 53 65 72 76 65 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 6d 65 6e 75 2d 69 74 65 6d 2d 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 68 79 2d 68 75 6e 74 72 65 73 73 2f 6d 61 6e 61 67 65 64 2d 73 65 72 76 69 63 65 2d 70 72 6f 76 69 64 65 72 73 22 20 63 6c 61 73 73 3d 22 73 75 62 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 20 73 69 6e 67 6c 65 2d 72 6f 77 20 77 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 2d 69 63 6f 6e 2d 77 72 61 70 70 65 72 22 3e 3c 69 6d 67 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 70 72 6f 64 2e 77 65 62 73 69 Data Ascii: bmenu-text-block first">Who We Serve</div><div class="sub-menu-item-main"><a href="/why-huntress/managed-service-providers" class="sub-menu-item-2 single-row w-inline-block"><div class="submenu-icon-wrapper"><img loading="lazy" src="https://cdn.prod.websi
2024-09-20 12:29:05 UTC	16384	IN	Data Raw: 2e 70 72 6f 64 2e 77 65 62 73 69 74 65 2d 66 69 6c 65 73 2e 63 6f 6d 2f 36 35 37 39 64 64 30 62 35 66 39 61 35 34 33 37 36 64 32 39 36 39 31 35 2f 36 35 37 39 64 64 30 62 35 66 39 61 35 34 33 37 36 64 32 39 36 39 38 66 5f 53 65 63 6f 6e 64 61 72 79 25 32 30 54 65 78 74 25 32 30 43 54 41 25 32 30 42 6c 61 63 6b 2e 73 76 67 22 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 61 6c 74 3d 22 72 69 67 68 74 20 61 72 72 6f 77 22 20 63 6c 61 73 73 3d 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d 69 63 6f 6e 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 6c 69 73 74 2d 69 74 65 6d 2d 77 72 61 70 70 65 72 22 3e 3c 64 69 76 20 64 61 Data Ascii: .prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29698f_Secondary%20Text%20CTA%20Black.svg" loading="lazy" alt="right arrow" class="secondary-button-icon"/></a></div></div></div></div></div></li><li class="menu-list-item-wrapper"><div da
2024-09-20 12:29:05 UTC	16384	IN	Data Raw: 63 74 69 76 69 74 79 20 61 6e 64 20 61 63 63 65 73 73 20 62 79 20 61 20 6d 6f 62 69 6c 65 20 61 70 70 2e 3c 2f 70 3e 3c 70 3e 46 6f 72 20 74 68 61 74 20 72 65 61 73 6f 6e 2c 20 74 68 65 20 54 43 50 20 70 6f 72 74 20 34 32 34 33 20 6d 61 79 20 62 65 20 65 78 70 6f 73 65 64 20 70 75 62 6c 69 63 6c 79 20 66 6f 72 20 75 73 65 20 62 79 20 74 68 65 20 6d 6f 62 69 6c 65 20 61 70 70 2e 20 54 68 69 73 20 34 32 34 33 20 70 6f 72 74 20 6f 66 66 65 72 73 20 64 69 72 65 63 74 20 61 63 63 65 73 73 20 74 6f 20 4d 53 53 51 4c 2e c2 a0 3c 2f 70 3e 3c 70 3e 4d 69 63 72 6f 73 6f 66 74 20 53 51 4c 20 53 65 72 76 65 72 20 69 6e 63 6c 75 64 65 73 20 61 20 64 65 66 61 75 6c 74 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 63 63 6f 75 6e 74 20 6e 61 6d 65 Data Ascii: ctivity and access by a mobile app.</p><p>For that reason, the TCP port 4243 may be exposed publicly for use by the mobile app. This 4243 port offers direct access to MSSQL.</p><p>Microsoft SQL Server includes a default system administrator account name
2024-09-20 12:29:06 UTC	16384	IN	Data Raw: 22 3e 3c 61 20 68 72 65 66 3d 22 2f 62 6c 6f 67 2f 73 6c 61 73 68 61 6e 64 67 72 61 62 2d 74 68 65 2d 63 6f 6e 6e 65 63 74 77 69 73 65 2d 73 63 72 65 65 6e 63 6f 6e 6e 65 63 74 2d 76 75 6c 6e 65 72 61 62 69 6c 69 74 79 2d 65 78 70 6c 61 69 6e 65 64 22 20 63 6c 61 73 73 3d 22 62 72 31 30 20 62 6c 6f 67 2d 6c 69 73 74 69 6e 67 2d 62 6f 78 20 77 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 6c 61 74 65 64 2d 72 65 73 6f 75 72 63 65 73 2d 74 68 75 6d 62 6e 61 69 6c 2d 77 72 61 70 70 65 72 22 3e 3c 69 6d 67 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 70 72 6f 64 2e 77 65 62 73 69 74 65 2d 66 69 6c 65 73 2e 63 6f 6d 2f 36 35 37 39 64 64 30 62 35 66 39 61 35 34 33 37 Data Ascii: "><a href="/blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained" class="br10 blog-listing-box w-inline-block"><div class="related-resources-thumbnail-wrapper"><img loading="lazy" src="https://cdn.prod.website-files.com/6579dd0b5f9a5437
2024-09-20 12:29:06 UTC	16384	IN	Data Raw: 61 36 2d 65 30 34 62 33 30 35 39 35 33 39 61 2d 33 30 35 39 35 33 34 66 22 20 63 6c 61 73 73 3d 22 66 63 67 2d 63 6f 6c 20 6d 64 2d 6f 72 64 65 72 2d 33 22 3e 3c 61 20 69 64 3d 22 66 72 65 65 5f 74 72 69 61 6c 5f 66 6f 6f 74 65 72 5f 62 75 74 74 6f 6e 22 20 68 72 65 66 3d 22 2f 73 74 61 72 74 2d 74 72 69 61 6c 22 20 63 6c 61 73 73 3d 22 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 66 6f 6f 74 65 72 2d 63 74 61 20 77 2d 62 75 74 74 6f 6e 22 3e 46 72 65 65 20 54 72 69 61 6c 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 66 6f 6f 74 65 72 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 33 65 35 34 76 31 30 33 6a 38 71 62 62 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 6a 73 2f 6a 71 75 65 72 Data Ascii: a6-e04b3059539a-3059534f" class="fcg-col md-order-3"><a id="free_trial_footer_button" href="/start-trial" class="primary-button footer-cta w-button">Free Trial</a></div></div></div></footer></div><script src="https://d3e54v103j8qbb.cloudfront.net/js/jquer
2024-09-20 12:29:06 UTC	8721	IN	Data Raw: 20 20 64 6f 74 73 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 72 65 73 70 6f 6e 73 69 76 65 3a 20 5b 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 70 6f 69 6e 74 3a 20 37 36 38 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 65 74 74 69 6e 67 73 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 65 6e 74 65 72 4d 6f 64 65 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 66 69 6e 69 74 65 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 65 6e 74 65 72 50 61 64 64 69 6e 67 3a 20 27 30 70 78 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 6c 69 64 65 73 54 6f 53 68 6f 77 3a 20 31 2c 0a 20 20 20 20 Data Ascii: dots: true, responsive: [{ breakpoint: 768, settings: { centerMode: true, infinite: true, centerPadding: '0px', slidesToShow: 1,

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:05 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-20 12:29:05 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=101840 Date: Fri, 20 Sep 2024 12:29:05 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-20 12:29:06 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=101843 Date: Fri, 20 Sep 2024 12:29:06 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-20 12:29:06 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	574	OUT	GET /npm/slick-carousel@1.8.1/slick/slick.min.css HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1668 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 1.8.1 X-JSD-Version-Type: version ETag: W/"684-GF2HLIFihozHz5lQusuuoPZJs88" Accept-Ranges: bytes Age: 2727489 Date: Fri, 20 Sep 2024 12:29:06 GMT X-Served-By: cache-fra-eddf8230064-FRA, cache-nyc-kteb1890061-NYC X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-20 12:29:06 UTC	1378	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 4d 69 6e 69 66 69 65 64 20 62 79 20 6a 73 44 65 6c 69 76 72 20 75 73 69 6e 67 20 63 6c 65 61 6e 2d 63 73 73 20 76 34 2e 32 2e 30 2e 0a 20 2a 20 4f 72 69 67 69 6e 61 6c 20 66 69 6c 65 3a 20 2f 6e 70 6d 2f 73 6c 69 63 6b 2d 63 61 72 6f 75 73 65 6c 40 31 2e 38 2e 31 2f 73 6c 69 63 6b 2f 73 6c 69 63 6b 2e 63 73 73 0a 20 2a 20 0a 20 2a 20 44 6f 20 4e 4f 54 20 75 73 65 20 53 52 49 20 77 69 74 68 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 66 69 6c 65 73 21 20 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6a 73 64 65 6c 69 76 72 2e 63 6f 6d 2f 75 73 69 6e 67 2d 73 72 69 2d 77 69 74 68 2d 64 79 6e 61 6d 69 63 2d 66 69 6c 65 73 0a 20 2a 2f 0a 2e 73 6c 69 63 6b 2d 73 6c 69 64 Data Ascii: /** * Minified by jsDelivr using clean-css v4.2.0. * Original file: /npm/slick-carousel@1.8.1/slick/slick.css * * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files */.slick-slid
2024-09-20 12:29:06 UTC	290	IN	Data Raw: 69 63 6b 2d 73 6c 69 64 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 73 6c 69 63 6b 2d 6c 6f 61 64 69 6e 67 20 2e 73 6c 69 63 6b 2d 73 6c 69 64 65 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 73 6c 69 63 6b 2d 76 65 72 74 69 63 61 6c 20 2e 73 6c 69 63 6b 2d 73 6c 69 64 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 73 6c 69 63 6b 2d 61 72 72 6f 77 2e 73 6c 69 63 6b 2d 68 69 64 64 65 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 0a 2f 2a 23 20 73 6f 75 72 63 65 4d 61 70 70 69 6e 67 55 52 4c 3d 2f 73 6d 2f 66 62 33 65 64 33 35 31 63 64 35 63 30 66 31 66 33 30 66 38 38 37 37 38 65 65 31 66 39 62 30 35 36 35 39 38 Data Ascii: ick-slide{display:block}.slick-loading .slick-slide{visibility:hidden}.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent}.slick-arrow.slick-hidden{display:none}/*# sourceMappingURL=/sm/fb3ed351cd5c0f1f30f88778ee1f9b056598

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	599	OUT	GET /6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	601	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:06 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close x-amz-id-2: LqrvDwUOtJebbRSV2cuYsKx02Hxo6q01wYaPCLkkn1ypz8EBmhCXA6Rm1IL6xJrMJIeyZClJ4Lc= x-amz-request-id: EV2D0BAN3DVXX2XK Last-Modified: Thu, 19 Sep 2024 21:56:23 GMT ETag: W/"bc8e766e9296e87ebf87a05822bd7c61" x-amz-server-side-encryption: AES256 Cache-Control: public, max-age=31536000, immutable x-amz-version-id: i949XUYUicuX4A9gaRcOGpXb2SkOt3wZ CF-Cache-Status: HIT Age: 49761 Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1b45ab57d1e-EWR
2024-09-20 12:29:06 UTC	768	IN	Data Raw: 37 64 34 35 0d 0a 68 74 6d 6c 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 68 67 72 6f 75 70 2c 6d 61 69 6e 2c 6d 65 6e 75 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 75 64 69 6f 2c 63 61 6e 76 61 73 2c 70 72 6f 67 72 65 73 73 2c 76 69 64 65 6f 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 Data Ascii: 7d45html{-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;font-family:sans-serif}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{vertical-align:bas
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 65 7b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 63 6f 64 65 2c 6b 62 64 2c 70 72 65 2c 73 61 6d 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 6f 73 70 61 63 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 3b 6d 61 72 67 69 6e 3a 30 7d 62 75 74 74 6f 6e 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 69 6e 70 75 74 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 72 65 73 65 74 5d 7b 2d 77 65 62 Data Ascii: e{overflow:auto}code,kbd,pre,samp{font-family:monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset]{-web
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 67 41 41 41 41 41 41 41 44 41 41 41 41 41 77 41 41 41 42 77 41 41 51 41 44 41 41 41 41 48 41 41 44 41 41 45 41 41 41 41 63 41 41 51 41 51 41 41 41 41 41 77 41 43 41 41 43 41 41 51 41 41 51 41 67 35 67 50 70 41 2f 2f 39 2f 2f 38 41 41 41 41 41 41 43 44 6d 41 4f 6b 41 2f 2f 33 2f 2f 77 41 42 2f 2b 4d 61 42 42 63 49 41 41 4d 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 41 41 48 2f 2f 77 41 50 41 41 45 41 41 41 41 41 41 41 41 41 41 41 41 43 41 41 41 33 4f 51 45 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 49 41 41 44 63 35 41 51 41 41 41 41 41 42 41 41 41 41 41 41 41 41 41 41 41 41 41 67 41 41 4e 7a 6b 42 41 41 41 41 41 41 45 42 49 41 41 41 41 79 41 44 67 41 41 46 41 41 41 4a 41 51 63 4a 41 Data Ascii: AAAAAAAAAAAAAgAAAAAAADAAAAAwAAABwAAQADAAAAHAADAAEAAAAcAAQAQAAAAAwACAACAAQAAQAg5gPpA//9//8AAAAAACDmAOkA//3//wAB/+MaBBcIAAMAAQAAAAAAAAAAAAAAAAABAAH//wAPAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAABAAAAAAAAAAAAAgAANzkBAAAAAAEBIAAAAyADgAAFAAAJAQcJA
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 41 77 41 51 41 41 4a 30 45 41 50 2f 39 42 41 41 41 41 41 51 41 41 41 41 46 74 77 41 41 41 41 41 41 41 41 41 4b 41 42 51 41 48 67 41 79 41 45 59 41 6a 41 43 69 41 4c 34 42 46 67 45 32 41 59 34 41 41 41 41 42 41 41 41 41 44 41 41 38 41 41 4d 41 41 41 41 41 41 41 49 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 44 67 43 75 41 41 45 41 41 41 41 41 41 41 45 41 44 51 41 41 41 41 45 41 41 41 41 41 41 41 49 41 42 77 43 57 41 41 45 41 41 41 41 41 41 41 4d 41 44 51 42 49 41 41 45 41 41 41 41 41 41 41 51 41 44 51 43 72 41 41 45 41 41 41 41 41 41 41 55 41 43 77 41 6e 41 41 45 41 41 41 41 41 41 41 59 41 44 51 42 76 41 41 45 41 41 41 41 41 41 41 6f 41 47 67 44 53 41 41 4d 41 41 51 51 4a 41 41 45 41 47 67 41 4e 41 41 4d 41 41 51 51 4a 41 41 Data Ascii: AwAQAAJ0EAP/9BAAAAAQAAAAFtwAAAAAAAAAKABQAHgAyAEYAjACiAL4BFgE2AY4AAAABAAAADAA8AAMAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAADgCuAAEAAAAAAAEADQAAAAEAAAAAAAIABwCWAAEAAAAAAAMADQBIAAEAAAAAAAQADQCrAAEAAAAAAAUACwAnAAEAAAAAAAYADQBvAAEAAAAAAAoAGgDSAAMAAQQJAAEAGgANAAMAAQQJAA
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 64 65 72 2d 62 6f 78 7d 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 33 33 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 7d 69 6d 67 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 68 74 6d 6c 2e 77 2d 6d 6f 64 2d 74 6f 75 63 68 20 2a 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 61 74 74 61 63 68 6d 65 6e 74 3a 73 63 72 Data Ascii: der-box}html{height:100%}body{color:#333;background-color:#fff;min-height:100%;margin:0;font-family:Arial,sans-serif;font-size:14px;line-height:20px}img{vertical-align:middle;max-width:100%;display:inline-block}html.w-mod-touch *{background-attachment:scr
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 6f 72 64 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 77 6f 72 64 2d 77 72 61 70 3a 6e 6f 72 6d 61 6c 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 62 6f 72 64 65 72 3a 30 20 23 30 30 30 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 64 69 73 63 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 3b 69 6e 73 65 74 3a 61 75 Data Ascii: ord-spacing:normal;word-wrap:normal;background:0 0;border:0 #0000;border-radius:0;width:auto;min-width:0;max-width:none;height:auto;min-height:0;max-height:none;margin:0;padding:0;list-style-type:disc;transition:none;display:block;position:static;inset:au
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 30 70 78 7d 62 6c 6f 63 6b 71 75 6f 74 65 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 35 70 78 20 73 6f 6c 69 64 20 23 65 32 65 32 65 32 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 32 70 78 7d 66 69 67 75 72 65 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 30 70 78 7d 66 69 67 63 61 70 74 69 6f 6e 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 30 70 78 7d 2e 77 2d Data Ascii: :0;margin-bottom:10px}blockquote{border-left:5px solid #e2e2e2;margin:0 0 10px;padding:10px 20px;font-size:18px;line-height:22px}figure{margin:0 0 10px}figcaption{text-align:center;margin-top:5px}ul,ol{margin-top:0;margin-bottom:10px;padding-left:40px}.w-
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 2d 73 65 6c 65 63 74 7b 63 75 72 73 6f 72 3a 6e 6f 74 2d 61 6c 6c 6f 77 65 64 7d 2e 77 2d 69 6e 70 75 74 5b 64 69 73 61 62 6c 65 64 5d 3a 6e 6f 74 28 2e 77 2d 69 6e 70 75 74 2d 64 69 73 61 62 6c 65 64 29 2c 2e 77 2d 73 65 6c 65 63 74 5b 64 69 73 61 62 6c 65 64 5d 3a 6e 6f 74 28 2e 77 2d 69 6e 70 75 74 2d 64 69 73 61 62 6c 65 64 29 2c 2e 77 2d 69 6e 70 75 74 5b 72 65 61 64 6f 6e 6c 79 5d 2c 2e 77 2d 73 65 6c 65 63 74 5b 72 65 61 64 6f 6e 6c 79 5d 2c 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 3a 6e 6f 74 28 2e 77 2d 69 6e 70 75 74 2d 64 69 73 61 62 6c 65 64 29 20 2e 77 2d 69 6e 70 75 74 2c 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 3a 6e 6f 74 28 2e 77 2d 69 6e 70 75 74 2d 64 69 73 61 62 6c 65 64 29 20 2e 77 2d 73 65 6c 65 63 74 7b 62 Data Ascii: -select{cursor:not-allowed}.w-input[disabled]:not(.w-input-disabled),.w-select[disabled]:not(.w-input-disabled),.w-input[readonly],.w-select[readonly],fieldset[disabled]:not(.w-input-disabled) .w-input,fieldset[disabled]:not(.w-input-disabled) .w-select{b
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 39 70 78 20 38 70 78 20 31 31 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 2d 66 69 6c 65 2d 6e 61 6d 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 77 2d 66 69 6c 65 2d 72 65 6d 6f 76 65 2d 6c 69 6e 6b 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 70 61 64 64 69 Data Ascii: ;flex-grow:1;justify-content:space-between;margin:0;padding:8px 9px 8px 11px;display:flex}.w-file-upload-file-name{font-size:14px;font-weight:400;display:block}.w-file-remove-link{cursor:pointer;width:auto;height:auto;margin-top:3px;margin-left:10px;paddi
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 2d 63 6f 6c 2d 34 7b 77 69 64 74 68 3a 33 33 2e 33 33 33 33 25 7d 2e 77 2d 63 6f 6c 2d 35 7b 77 69 64 74 68 3a 34 31 2e 36 36 36 37 25 7d 2e 77 2d 63 6f 6c 2d 36 7b 77 69 64 74 68 3a 35 30 25 7d 2e 77 2d 63 6f 6c 2d 37 7b 77 69 64 74 68 3a 35 38 2e 33 33 33 33 25 7d 2e 77 2d 63 6f 6c 2d 38 7b 77 69 64 74 68 3a 36 36 2e 36 36 36 37 25 7d 2e 77 2d 63 6f 6c 2d 39 7b 77 69 64 74 68 3a 37 35 25 7d 2e 77 2d 63 6f 6c 2d 31 30 7b 77 69 64 74 68 3a 38 33 2e 33 33 33 33 25 7d 2e 77 2d 63 6f 6c 2d 31 31 7b 77 69 64 74 68 3a 39 31 2e 36 36 36 37 25 7d 2e 77 2d 63 6f 6c 2d 31 32 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 2d 68 69 64 64 65 6e 2d 6d 61 69 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 Data Ascii: -col-4{width:33.3333%}.w-col-5{width:41.6667%}.w-col-6{width:50%}.w-col-7{width:58.3333%}.w-col-8{width:66.6667%}.w-col-9{width:75%}.w-col-10{width:83.3333%}.w-col-11{width:91.6667%}.w-col-12{width:100%}.w-hidden-main{display:none!important}@media screen

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	657	OUT	GET /6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	618	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:06 GMT Content-Type: image/webp Content-Length: 23574 Connection: close x-amz-id-2: kI2yL3uRQSWZW5KqNaMbP8PThCMXuQay7I29RXR+7AffhNpP1L2pCRjUTEYwvkndpM0eyek1RJ8= x-amz-request-id: FVC0AG6Z8KQDK4ZY Last-Modified: Sun, 17 Mar 2024 20:18:41 GMT ETag: "cd3521a7574865352fcc31cd4d968864" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: VQxidV2D7M0v1MjkNARxPZzB4FkcrZg4 CF-Cache-Status: HIT Age: 9743756 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1b45fce4380-EWR
2024-09-20 12:29:06 UTC	751	IN	Data Raw: 52 49 46 46 0e 5c 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 50 02 00 c6 01 00 41 4c 50 48 ac 1f 00 00 05 17 20 10 48 da df 79 8e 88 08 cd 41 d0 b6 6d 92 f0 67 bd ed a7 10 11 01 d8 8f e9 f8 51 76 3f 90 7c db b6 24 49 92 24 49 88 ba c0 cc fd 11 3e c1 3e 05 ff ff b3 08 01 ee 00 c4 4a cf 11 fd b7 28 db 6e d8 46 12 e2 9e 2b 02 0f 10 08 69 65 3b d9 2f a0 14 49 92 20 49 aa 1c 89 c7 3e 1d c2 41 09 68 83 3d c3 dc 23 e7 10 44 f4 9f a2 6d bb 75 db 48 85 71 81 83 87 45 65 56 a2 f9 05 c6 91 a4 c6 71 f1 22 0c 42 25 76 b1 bb a0 a3 fc 8e e8 bf 04 47 92 04 a9 29 ae b7 a6 72 7a fa d6 1c 3a c0 f6 0b d6 fd 89 3c 6b 73 1d ee 02 76 82 fd a5 97 56 09 af 9e 4e ae 2e 6e a5 fe be 73 bd ee e9 90 dd 3b d8 fe c5 e2 b9 12 dc 81 ad ab 7f c8 54 1d 6f 80 fa 61 08 af 4e 8d 25 Data Ascii: RIFF\WEBPVP8XPALPH HyAmgQv?\|$I$I>>J(nF+ie;/I I>Ah=#DmuHqEeVq"B%vG)rz:<ksvVN.ns;ToaN%
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: c8 68 8a 1f 23 ea 7b 49 77 0c b4 e6 f9 84 25 ff 68 d0 0d 86 2d 06 4d da b3 38 03 11 e1 22 35 97 47 0c e0 41 dd a2 a5 d9 ec b2 ee 7d 16 80 09 57 ce 15 06 5a 0e 9a d6 6e 16 bb db 36 90 04 13 3c bd 86 63 37 3a b7 58 5a 3d 46 ae 15 02 f0 50 f4 48 c4 a9 f4 93 30 3a 44 a1 57 d2 9f 06 2c 64 41 77 98 17 3f 95 72 e4 41 93 17 a9 45 35 4f 4b 86 a5 4b b3 c7 19 1e 47 5a 25 c7 67 c9 09 47 33 eb f0 fb 84 f7 31 50 a6 c9 25 34 95 08 13 46 c3 6f c6 60 14 97 d0 c3 51 d6 0e 49 8b df 42 53 8b 1f f9 df 11 5a 82 55 0b 44 21 5b 8b fb 40 17 04 47 b3 fa 0d c0 8b 13 27 e6 85 a9 9b 3c 48 f8 39 3d 9d de 1b 08 88 16 ba e5 7a 31 c2 69 7e 78 0d c7 6e a4 45 3c 97 b0 7e 74 39 80 ba 72 71 3d 16 1f 50 f4 55 0a e9 75 27 75 4f 52 ba fd 66 dc f6 ee 22 28 1c 98 e6 3b bb bc 32 21 06 ab 16 f4 6e Data Ascii: h#{Iw%h-M8"5GA}WZn6<c7:XZ=FPH0:DW,dAw?rAE5OKKGZ%gG31P%4Fo`QIBSZUD![@G'<H9=z1i~xnE<~t9rq=PUu'uORf"(;2!n
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 43 77 ae 96 2f d9 8b 46 3c b1 a5 6f fa 7f 8e fc d5 ff b1 19 c8 d5 6f 15 29 12 29 9f d2 f8 28 36 d7 c7 57 26 be ca ad 15 bc 71 0b fb ab ff b7 a5 e6 9a 4a 3f 5f a9 9c b5 bf 8c d1 ac ad 9a bf 35 93 3b 97 cf 0c 07 a3 d6 48 db e7 d2 d4 56 6f dc 4b 72 2d 3b 97 e7 4f b1 f8 66 72 31 ff 01 7b ad 52 db b7 ec 3b d7 b9 55 f0 be 45 93 88 5f d8 95 31 bc 6d 67 67 df f2 ef 5c eb 56 a9 26 f5 81 42 8c be 2b 61 ac 9a d8 e4 9d 2b 5e 10 eb 94 02 f1 0b db 5e e2 8a d5 2f f8 27 94 c6 bc 4c e1 62 a9 67 d3 4c a5 66 d7 8a a3 ae 9d ad a1 5c 23 df d4 21 ff a2 27 e3 e5 da 02 b6 d6 90 72 ed b1 7c aa e1 9c 6e 34 9d f0 f1 fa 09 a5 b3 25 5f a9 45 3c 29 6b 20 ea b2 ab a7 3b ac 6a 6c 29 d3 cf 15 b7 5d cc d2 51 22 a3 d6 8a 93 cc 85 7d eb ee 7a e2 94 52 0b 47 d7 f6 20 e5 04 e3 1f 30 98 4b fb Data Ascii: Cw/F<oo))(6W&qJ?_5;HVoKr-;Ofr1{R;UE_1mgg\V&B+a+^^/'LbgLf\#!'r\|n4%_E<)k ;jl)]Q"}zRG 0K
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 19 83 44 4d d3 ab c9 c0 f7 94 30 9c 84 2d 64 30 d4 8d 11 9d a5 f6 50 cb 3d ea ed b5 5d a8 19 26 e9 f5 f2 2a c4 e0 dc a2 68 e5 90 c9 fe 36 65 91 42 3c 36 30 53 e8 23 4c de 8b 4d a5 87 60 13 dd cf 68 a3 8b 82 06 99 be 66 2d 36 fc 63 89 70 e3 0b 8c 40 9a 8a 4c ec 08 a3 bc 07 04 6c c9 dd ba 84 bd 7b aa 30 f8 4c 07 76 41 42 1e 7d b6 41 42 0a af 79 00 75 33 da 57 cb 95 9f c0 49 cd 4a 37 84 b5 b4 81 59 a2 97 9b 5d 02 e6 31 d3 65 1a 77 a3 64 ed ae 0d c0 6e 7c 0e 61 30 ea e2 38 e6 07 c4 52 85 c1 3b c1 d0 66 93 01 6d 21 27 72 cc dd 21 7b 50 99 0c d0 25 91 46 58 85 3d da 57 1b 41 37 d0 00 0e 75 bf c3 e3 ad 08 d8 3c dd 8e cd b4 5c 01 4b c4 dc 4c 4d 09 bd c2 87 5d 8e 69 98 5b 56 39 61 6e 6e 46 98 3f c2 e3 9e a0 53 fe 98 62 82 4d 12 d2 aa 21 ea 3f e5 b2 70 16 5a 43 20 Data Ascii: DM0-d0P=]&*h6eB<60S#LM`hf-6cp@Ll{0LvAB}AByu3WIJ7Y]1ewdn\|a08R;fm!'r!{P%FX=WA7u<\KLM]i[V9annF?SbM!?pZC
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 42 54 37 33 72 1e 83 a4 67 da c0 f9 02 65 c1 28 87 f0 05 9a a3 8b 4d c9 c4 d3 75 bc 9c 23 d7 04 8f 31 bb 94 52 e3 4d 36 3c 31 e1 e3 3f 83 be 31 86 31 f2 cc b6 99 68 90 b6 48 37 73 5b 3a 96 06 51 33 fc 0a 13 8d be 3f 82 62 66 a4 c8 1e a3 04 30 c4 8b c6 b2 93 ae ae 14 93 b4 7d aa 0c e0 19 1c 33 ef 5d 56 ff e8 56 9b e2 55 62 93 3c 2b b7 98 97 b5 1a ea 9c d7 63 25 bf 4d 3c 46 ec c1 3e d2 2c b3 49 1f b2 25 af 97 88 e2 06 be 31 41 28 ac 24 96 7b d4 da a2 42 a6 2d d7 72 05 45 ae 11 06 b1 18 21 3a 88 bb 5c 1a bd 07 59 cd 4f 66 a1 62 2d 40 ec 1b e3 1a b3 d9 a5 c5 63 9b 66 94 de 04 80 99 d9 9f 5e 99 54 cd f0 1a 61 3c c4 07 81 3e 88 98 19 d1 f7 14 88 3f 7d 40 0d f1 1a 25 d0 69 28 87 82 dc 4d c2 33 a8 64 df b1 b3 bd 54 3e 83 1a e3 31 9e a4 a1 34 9e 92 a2 53 56 71 5f Data Ascii: BT73rge(Mu#1RM6<1?11hH7s[:Q3?bf0}3]VVUb<+c%M<F>,I%1A(${B-rE!:\YOfb-@cf^Ta<>?}@%i(M3dT>14SVq_
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: e5 58 fb 1b 90 a1 d7 28 47 67 d6 6b 15 22 dd 2c db d5 41 9f e0 6a e2 fe c6 a1 1e f4 b1 34 a3 f0 56 63 6b 59 54 c8 64 0f 21 eb 68 d5 80 31 3c 15 d1 fb 48 0c 2a 94 a2 97 b5 12 7c 87 99 59 8d b5 72 44 fa 07 16 39 18 f3 f2 25 e0 0d 04 9f ab 01 f5 b7 d8 da fd c0 2c 75 26 22 ca 34 96 38 34 b3 a8 75 8e 84 ac ed f8 09 b5 47 cb a1 56 fc b4 1c 50 54 cf 1e 50 45 1f 24 44 c5 2c d9 a9 9b 00 32 2d 92 f8 79 39 02 28 cb f6 25 1a a0 b0 cf a2 e3 99 c6 ca fe 71 3d a7 88 9d 59 6a cc b4 e6 0b 58 3b 31 ea b9 e3 cd b2 e9 e5 a3 b3 11 53 4b cb 8c d2 07 99 4d d3 a7 cf b2 b6 87 70 b0 f6 28 11 6e c5 9b 38 20 f0 d4 36 52 56 9a 51 f7 73 17 5c 27 eb 2b 66 66 25 86 9c ac 83 ff d4 1d 9c 8c c5 83 e0 a5 65 95 4e d1 b9 d9 66 d1 87 60 96 ca 73 31 06 4b 0b bf 05 5f a0 eb fb 1b 60 51 73 f6 cc Data Ascii: X(Ggk",Aj4VckYTd!h1<H*\|YrD9%,u&"484uGVPTPE$D,2-y9(%q=YjX;1SKMp(n8 6RVQs\'+ff%eNf`s1K_`Qs
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: ec 6e 54 ae 66 24 1e f8 c4 f8 d0 dc 2d 44 c4 51 8c d7 ad 6f f4 57 5c e5 76 91 14 01 ee 11 b1 ba 1f a9 c7 c4 11 33 33 e3 51 b4 8a 5e 91 2b 7a d5 ca ba 10 d9 68 f3 c4 e5 66 b5 32 9f 2a 37 23 81 5b d7 cd a2 07 5c 39 de 0b 24 e1 c1 e0 01 e8 53 76 d1 52 15 51 6a aa a7 3c 57 3b 90 7e f4 4a 4c b9 6f 4a d1 61 b6 d9 59 c5 09 7c 33 a5 6e 9b 81 15 ef 39 c9 3d 9a a7 bb 01 bb 6f 15 fa f4 07 9c 42 bd 8d cc e4 38 8c d7 2d 45 11 9b 19 17 de fc f6 76 61 af 44 39 70 ec 6d 72 0b 4f 20 7b ab b2 45 f3 04 76 d9 08 94 9a 9a a7 57 88 31 5a f2 9c 80 77 43 f2 b6 b5 47 2f 38 db 59 e8 00 a4 f6 c7 f3 e8 47 a6 db 1f ff 0b ee aa 85 3e c3 a5 e8 65 cb d1 09 f8 21 af 25 b9 9c eb d5 cc 7c c2 fe 8e 73 a1 24 3c 18 30 80 d7 46 7d 4f 38 99 c2 23 d8 60 08 43 a5 ee cb a2 d8 a4 79 02 c9 be c0 de Data Ascii: nTf$-DQoW\v33Q^+zhf2*7#[\9$SvRQj<W;~JLoJaY\|3n9=oB8-EvaD9pmrO {EvW1ZwCG/8YG>e!%\|s$<0F}O8#`Cy
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 07 d7 22 9e 82 df 2c 3d d8 7f e3 d1 f6 e8 30 2c bb f2 54 7f 7c bd 77 21 e2 5d a3 4f e4 a0 d6 d6 9c aa 6d f5 4b 31 c2 59 b1 f9 68 2d 22 16 3c 4e a7 2d c7 9e e9 dc 4a 14 fb 18 b2 8c 8b d0 f2 69 fc 83 7e 6b 48 08 b9 81 71 b8 00 18 63 a6 10 42 7f 2d 2b 03 9e d3 a0 94 a1 94 ac b4 a2 22 da 53 b6 00 63 26 5b a2 7f 21 a0 08 b6 50 50 e0 d8 c6 6c 73 cb 74 3d f9 42 13 aa 98 15 27 dc cc f9 d4 77 f1 c2 a5 e5 ba 2a 0f 70 ca e5 66 46 c3 20 cf 2a 54 21 ea 89 89 54 f5 3b 88 86 a4 c6 27 84 98 4d 73 b0 78 eb e1 27 e9 75 7f d9 02 8e 56 32 84 c6 17 5d 09 24 37 fc 71 76 ac cc f6 7f 2d d1 39 cd b7 e1 44 87 73 b0 3c d6 bc 63 68 a9 a6 e4 f3 50 71 cc 55 d6 44 53 b7 e1 ae b5 4b 68 fb c6 49 36 2d 25 f6 66 25 60 43 a5 8f 99 3b 08 c2 b1 55 d4 70 79 b2 4d cf 0c fa b3 2d f1 07 7f 0f cb Data Ascii: ",=0,T\|w!]OmK1Yh-"<N-Ji~kHqcB-+"Sc&[!PPlst=B'wpfF T!T;'Msx'uV2]$7qv-9Ds<chPqUDSKhI6-%f%`C;UpyM-
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: df 00 c9 b6 5c 55 88 ca 4a f9 1d 85 28 e3 5f 03 97 b9 53 50 be cf 82 f7 a2 2b 82 9f aa 70 65 90 20 39 71 c4 0a ab 39 b6 a2 9c 03 70 94 c7 4f f5 8c 60 79 04 73 64 d7 4b db e6 24 33 64 51 f8 06 26 70 1d 8c fe 5f d8 47 ce 71 21 2a 8a 92 b5 ef bf bd 67 67 92 c9 39 22 c5 99 c0 9e c5 f5 c3 9e 4b 0f 58 23 c1 d3 c1 a5 75 77 ac 42 58 7c dd d5 c6 f8 25 47 18 3a e3 54 3c c7 44 3b 4a 73 66 c5 d5 2a 03 5d c9 32 93 cd 6d 8b 5d 8c 29 fc c2 f7 04 6f a0 72 56 3d 34 18 55 42 84 ab 0b 03 27 8e 3a b1 86 6f da aa 9d d8 09 64 fd 97 dc 68 d7 c8 31 e5 bc e2 31 89 06 3c b7 8e 7a e8 f2 0d 07 27 cf 42 5a 01 25 e5 b1 66 59 22 af fb 82 32 38 2c 5b b7 e0 5e dc 2d 8e b2 86 07 e2 af 98 0f 81 ed 45 91 ce 04 b5 b6 c7 0a a2 08 61 29 d7 a2 c0 62 c7 b0 a3 36 e3 98 34 bd 04 37 42 08 a3 85 dd Data Ascii: \UJ(_SP+pe 9q9pO`ysdK$3dQ&p_Gq!gg9"KX#uwBX\|%G:T<D;Jsf]2m])orV=4UB':odh11<z'BZ%fY"28,[^-Ea)b647B
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 05 a8 ac 10 5e 25 38 57 a3 e5 0b 1d 0a b1 c1 2b ef ee 6e f5 e1 59 0f ec 65 af c1 b8 f8 c6 c0 b0 81 aa 88 19 6a 87 ee 2d ad fe 4e 5d fe fe 6b 8e b4 6a 12 52 62 d4 00 aa 3d f2 da fa 67 f4 d5 68 34 68 0e aa 0e 06 58 f1 8e 16 c4 e0 9a aa cc 97 f5 29 dd 2d 81 5a 91 48 e7 b0 27 f4 76 de e8 83 13 e6 16 5a fd 90 8a 38 54 0b e8 5a f5 84 77 54 c6 4e 9a 51 43 ff ee 19 37 28 0d 3d 68 aa 7e 02 e8 5e f0 a9 2b 17 a2 3f f8 fd 5b 26 47 48 41 d6 86 9d 1c 9c 11 db c4 be 61 13 4c da e6 b8 24 5b b9 11 cb 6f 55 97 95 5c b9 36 c8 69 b4 9d 1f 4e d5 6e 74 0b af de 15 25 44 38 bc 37 a8 c1 db b1 84 90 6a 75 70 1f 8f dc f2 ea 0d 13 9a c1 d2 a5 92 12 74 86 12 e8 c1 db b1 88 14 0b 4d 07 19 0b e5 41 01 24 da 1a dc 90 0f b1 a4 3f a0 80 f3 30 b9 4a 9e 4d 63 9e de 2d 8e 7a 31 7e cd db 3f Data Ascii: ^%8W+nYej-N]kjRb=gh4hX)-ZH'vZ8TZwTNQC7(=h~^+?[&GHAaL$[oU\6iNnt%D87juptMA$?0JMc-z1~?

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	595	OUT	GET /npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 4747 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 3.24.3 X-JSD-Version-Type: version ETag: W/"128b-VPBc3TS/x79UxtxtPHjWFkwCxTo" Accept-Ranges: bytes Age: 28879 Date: Fri, 20 Sep 2024 12:29:06 GMT X-Served-By: cache-fra-etou8220149-FRA, cache-ewr-kewr1740031-EWR X-Cache: HIT, MISS Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-20 12:29:06 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 2a 20 42 75 74 74 6f 6e 20 43 6c 69 63 6b 20 74 72 61 63 6b 69 6e 67 20 66 6f 72 20 53 6e 6f 77 70 6c 6f 77 20 76 33 2e 32 34 2e 33 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 6e 6f 77 70 6c 6f 77 2f 73 6e 6f 77 70 6c 6f 77 2d 6a 61 76 61 73 63 72 69 70 74 2d 74 72 61 63 6b 65 72 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 53 6e 6f 77 70 6c 6f 77 20 41 6e 61 6c 79 74 69 63 73 20 4c 74 64 2c 20 32 30 31 30 20 41 6e 74 68 6f 6e 20 50 61 6e 67 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 42 53 44 2d 33 2d 43 6c 61 75 73 65 0a 20 2a 2f 0a 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 21 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 Data Ascii: /! Button Click tracking for Snowplow v3.24.3 (https://github.com/snowplow/snowplow-javascript-tracker) * Copyright 2022 Snowplow Analytics Ltd, 2010 Anthon Pang * Licensed under BSD-3-Clause */"use strict";!function(n,o){"object"==typeof exports
2024-09-20 12:29:06 UTC	1378	IN	Data Raw: 6e 2c 65 29 7b 6e 75 6c 6c 21 3d 65 26 26 22 22 21 3d 3d 65 26 26 28 6f 5b 6e 5d 3d 65 29 7d 3b 72 65 74 75 72 6e 7b 61 64 64 3a 69 2c 61 64 64 44 69 63 74 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 6f 20 69 6e 20 6e 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6e 2c 6f 29 26 26 69 28 6f 2c 6e 5b 6f 5d 29 7d 2c 61 64 64 4a 73 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 2c 72 29 7b 76 61 72 20 69 3b 69 66 28 69 3d 72 29 6e 3a 7b 69 66 28 6e 75 6c 6c 21 3d 72 26 26 28 72 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 7b 7d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 7c 7c 72 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 5b 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 29 66 6f 72 28 Data Ascii: n,e){null!=e&&""!==e&&(o[n]=e)};return{add:i,addDict:function(n){for(var o in n)Object.prototype.hasOwnProperty.call(n,o)&&i(o,n[o])},addJson:function(n,o,r){var i;if(i=r)n:{if(null!=r&&(r.constructor==={}.constructor\|\|r.constructor===[].constructor))for(
2024-09-20 12:29:06 UTC	1378	IN	Data Raw: 70 70 6c 79 28 63 6f 6e 73 6f 6c 65 2c 6f 28 5b 63 5d 2c 72 2c 21 31 29 29 29 7d 2c 65 72 72 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 5b 5d 2c 63 3d 32 3b 63 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 72 5b 63 2d 32 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 6e 3e 3d 69 2e 65 72 72 6f 72 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 26 26 28 63 3d 22 53 6e 6f 77 70 6c 6f 77 3a 20 22 2b 65 2b 22 5c 6e 22 2c 74 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 2e 61 70 70 6c 79 28 63 6f 6e 73 6f 6c 65 2c 6f 28 5b 63 2b 22 5c 6e 22 2c 74 5d 2c 72 2c 21 31 29 29 3a 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 2e 61 70 70 6c 79 28 63 6f 6e 73 6f 6c 65 2c 6f 28 5b 63 5d Data Ascii: pply(console,o([c],r,!1)))},error:function(e,t){for(var r=[],c=2;c<arguments.length;c++)r[c-2]=arguments[c];n>=i.error&&"undefined"!=typeof console&&(c="Snowplow: "+e+"\n",t?console.error.apply(console,o([c+"\n",t],r,!1)):console.error.apply(console,o([c]
2024-09-20 12:29:06 UTC	613	IN	Data Raw: 75 74 45 6c 65 6d 65 6e 74 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 72 2e 74 79 70 65 29 7b 69 28 72 29 26 26 28 69 3d 72 2c 28 72 3d 7b 7d 29 2e 6c 61 62 65 6c 3d 22 49 4e 50 55 54 22 3d 3d 3d 69 2e 74 61 67 4e 61 6d 65 3f 69 2e 64 61 74 61 73 65 74 2e 73 70 42 75 74 74 6f 6e 4c 61 62 65 6c 7c 7c 69 2e 76 61 6c 75 65 3a 69 2e 64 61 74 61 73 65 74 2e 73 70 42 75 74 74 6f 6e 4c 61 62 65 6c 7c 7c 69 2e 69 6e 6e 65 72 54 65 78 74 2c 69 2e 69 64 26 26 28 72 2e 69 64 3d 69 2e 69 64 29 2c 69 2e 6e 61 6d 65 26 26 28 72 2e 6e 61 6d 65 3d 69 2e 6e 61 6d 65 29 2c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 6c 65 6e 67 74 68 26 26 28 72 2e 63 6c 61 73 73 65 73 3d 41 72 72 61 79 2e 66 72 6f 6d 28 69 2e 63 6c 61 73 73 4c 69 73 74 29 29 2c 28 69 3d 72 29 2e 63 6f 6e 74 65 78 74 Data Ascii: utElement&&"button"===r.type){i(r)&&(i=r,(r={}).label="INPUT"===i.tagName?i.dataset.spButtonLabel\|\|i.value:i.dataset.spButtonLabel\|\|i.innerText,i.id&&(r.id=i.id),i.name&&(r.name=i.name),i.classList.length&&(r.classes=Array.from(i.classList)),(i=r).context

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	664	OUT	GET /6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	616	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:06 GMT Content-Type: image/webp Content-Length: 11112 Connection: close x-amz-id-2: p4x6HN1xxlACclsPyCooqJeyly1+SQpSDYgdp6+A2BfoGP6VZRY35v2eorepfYTMsM0y6nqiV3s= x-amz-request-id: 674THVYTRCAQ75KT Last-Modified: Mon, 22 Apr 2024 15:05:55 GMT ETag: "308d32f3c0dd65a14316ec46469ba463" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: 5.DnT5LYsjXZnxPaoCXpF7pRsl7yIEO1 CF-Cache-Status: HIT Age: 21228 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1b45e1b0c84-EWR
2024-09-20 12:29:06 UTC	753	IN	Data Raw: 52 49 46 46 60 2b 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 18 00 00 00 28 01 00 e3 00 00 41 4c 50 48 72 1d 00 00 01 19 85 6d db 36 c8 82 47 db ff 0f 4e 8f 88 e8 ff 04 a4 24 55 45 bc dc 27 03 f9 25 67 4e 27 49 62 6d 20 7e 1e f8 03 c0 11 b7 bb 1b 88 88 cb 51 d0 b6 0d e3 f2 a7 bd cb 20 22 26 00 f2 a8 50 a9 e6 50 f5 92 dc 36 12 24 a9 bc ff ff 73 02 53 69 5b 11 d5 7b 8f 98 00 09 92 24 c9 6d 23 85 00 61 01 42 d9 3d f0 7d 3c c0 b7 23 49 96 24 d9 b6 95 d2 f3 ff bf 78 02 25 40 b8 0a 8b 9a c5 65 bc 46 84 45 c9 b6 85 b6 95 70 1e e6 5e 5d 50 9f 7d 90 2c 27 33 3f a0 c7 e3 7e 97 bf a3 6b 1b ae 33 4b 52 bc 3a 73 48 d0 b9 f9 02 fc 63 88 ac 7e 39 b7 e9 96 19 c5 4c 50 4b e1 29 cd 05 c1 f3 82 4a 82 53 70 d6 e0 a4 aa 7d 3d ac 0e 29 4f e0 0d e5 ef ff 1f f3 f7 10 72 18 59 90 Data Ascii: RIFF`+WEBPVP8X(ALPHrm6GN$UE'%gN'Ibm ~Q "&PP6$sSi[{$m#aB=}<#I$x%@eFEp^]P},'3?~k3KR:sHc~9LPK)JSp}=)OrY
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 85 55 fe 15 29 33 3a 52 46 0f 12 44 00 62 0b e3 52 92 00 30 08 72 ef 8b 99 bf 32 8c ab e5 37 a6 b1 5d 5c c6 ea 20 ab 8d f2 a9 86 68 e0 5f 40 98 43 8a b7 13 c4 ba 38 e8 93 5e 04 02 88 62 74 e9 53 17 d4 dd f8 ca ef be b0 8b 68 ea d2 7f a1 88 4a d4 ed 84 21 f9 75 8c 84 bf 9f 80 10 61 88 45 49 49 08 05 37 f8 a4 9a c5 51 38 b4 4b c2 a5 66 d7 4f 6e 79 b0 10 27 c9 55 8a 89 6e 01 ef a4 d1 05 a9 04 c8 08 32 f1 0a 5a 40 3f de a8 dc 7e 34 18 41 fe 6f 73 23 98 10 46 89 13 31 0f 4a 15 0d fe a0 17 d4 22 02 b4 a1 11 52 8a 2b e7 74 d2 4a 28 86 78 bf 61 60 fb 97 44 f9 8d 40 45 e7 c5 ce 6d 39 1c 68 55 5c 6c 07 76 31 65 98 84 b9 c5 34 53 9f 68 1d 8e 78 f3 30 a0 45 5b 75 33 a9 e8 d0 ad c5 d1 33 9f 12 d6 a9 c4 23 78 2e 21 35 ac a0 63 8b 0f c4 73 cd 6c f0 cc a3 dc ce 7e 9c ec Data Ascii: U)3:RFDbR0r27]\ h_@C8^btShJ!uaEII7Q8KfOny'Un2Z@?~4Aos#F1J"R+tJ(xa`D@Em9hU\lv1e4Shx0E[u33#x.!5csl~
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 5b 4b 4b 7e d1 d0 23 8f 5d 83 29 d5 07 a1 de d8 11 fe 24 95 22 9c 5d c9 6d 32 41 d7 fa 1f 3e e3 43 7a 73 96 7e b7 6c fd dd f3 27 a3 6f bd 36 c4 55 d2 c3 8f 00 5f c6 83 f4 6c 9a db 9c 5f dd 17 c6 9a e2 a1 71 a5 61 42 e7 c7 7c a8 f8 00 b6 a6 fe f2 04 45 a9 01 7f 75 a4 15 12 1b cf 08 63 72 f4 c0 44 f8 87 bd fa 90 86 bc fd 68 f3 c2 dd e1 33 dc 88 99 46 2f e4 7f 23 3f 5e 51 8f a3 24 05 76 96 78 98 9c f2 c3 4e cc e8 5b 3e b8 7e bc d4 b3 0d d8 b3 8c 38 08 8e 0d a2 d6 49 09 50 fa a3 73 ce f8 e7 9c e3 37 c3 31 dd 5a 8a e1 86 84 ef f1 d0 ee 41 78 19 50 d7 7e d1 57 06 a4 8f 78 c7 d5 04 0b 15 02 40 2d 4b be 53 da c7 77 4a ef 79 9b b8 6d cf 37 3e bf 46 d8 89 c7 42 67 2e 1e 13 54 88 e7 c3 3b c4 00 68 02 86 ec d9 7f c0 c4 a4 9b cb 30 18 26 63 08 70 1d 5c 69 64 33 47 13 Data Ascii: [KK~#])$"]m2A>Czs~l'o6U_l_qaB\|EucrDh3F/#?^Q$vxN[>~8IPs71ZAxP~Wx@-KSwJym7>FBg.T;h0&cp\id3G
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 02 9a ef 3c 75 c7 ac 79 25 2f d3 d9 3e c1 24 ba 87 75 c5 11 a3 6b 3f 9b 24 e0 a5 e4 10 30 d3 f2 09 8e 24 2c 2b 06 61 27 3f e2 9b c9 92 4f 40 d5 4d f9 18 75 44 a7 ac fa a5 dd 36 ca c3 0e a7 14 05 1f 93 51 2b dc 2b 50 a1 b8 36 c3 cb 23 fb be 8b 16 92 57 6a 35 b6 14 5e e8 78 82 e0 c7 13 30 15 5f 49 2a 85 15 9d c1 72 eb 87 4e 88 99 d3 88 df a9 3d 34 0d 50 d2 a2 19 bb a0 fe b6 9b 58 d2 1b b1 f3 5b 2b 6a db a2 7f c2 cc 56 a5 dc 1f f4 de 49 8e 24 ec d9 59 d4 ab 45 19 0b 94 c7 bc b1 71 0b df 09 39 b4 c3 10 0e 50 f4 c0 ef a7 af 46 39 2c 63 91 d5 2c 3b ad f7 50 89 93 2b 3c 1c f6 b0 d8 ad 14 66 78 c0 30 7b fd c2 6e 91 4c d0 0b 5e 81 81 4d 40 75 8c 16 90 a1 3c 9f b4 14 4e 14 fe d4 1a 1c 76 94 07 2b 3d 2e 9f dd 98 c4 0e 79 fb 37 bc 1b 6a 24 5e 44 03 f4 17 1a 14 3d c8 Data Ascii: <uy%/>$uk?$0$,+a'?O@MuD6Q++P6#Wj5^x0_I*rN=4PX[+jVI$YEq9PF9,c,;P+<fx0{nL^M@u<Nv+=.y7j$^D=
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 4a 36 9e 77 fd 96 52 f2 a3 ba 2b d3 63 de 0b 07 f3 bc 88 24 00 82 12 b4 6a 68 8e 54 46 2e b7 a8 47 66 72 1c 9b ca cb 7c 5d b7 0b 40 f8 60 d8 b3 ac 31 3f 3f 97 a3 5b a7 04 82 2e 0d b8 38 1e f0 4d 57 8e 27 e0 51 3f 50 e4 cb 9c a2 99 6f 4a a5 f3 37 db 09 88 a2 99 14 e1 04 67 61 b7 29 fc 8e 96 9c c3 6b c3 24 4e 0b 10 cd 2b 3c cc 89 77 e2 f9 57 9e e3 6a 85 47 be 37 0d d5 08 72 da 5f 0f 09 3c 4a 96 63 25 22 8d 82 cc e5 aa a5 38 3e b5 b6 cc ad ec 70 19 23 fc 64 71 75 2a 8b 24 ee b0 4c 53 1b 9d 9c da 07 f2 ae c3 28 31 8b 64 45 82 40 a8 a0 aa c4 04 fd 6d e5 58 44 8f 9a 76 e4 09 5f 99 d4 71 25 07 ae a3 dc f8 e0 e4 ea 01 67 e9 82 02 51 1a 02 10 b1 a4 e9 37 b8 7d e5 65 da 61 f1 f2 f2 43 d0 15 27 65 b5 71 e7 a8 47 19 46 66 53 68 c2 79 2a 42 37 1e 93 ad 81 6c 42 98 8c Data Ascii: J6wR+c$jhTF.Gfr\|]@`1??[.8MW'Q?PoJ7ga)k$N+<wWjG7r_<Jc%"8>p#dqu$LS(1dE@mXDv_q%gQ7}eaC'eqGFfShyB7lB
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: e4 55 32 b0 09 fd b6 2f 2f 0f 16 59 43 e8 3c 8f 6d 29 cf 94 96 b3 53 9b d7 f9 04 a3 1a fa 81 3a 05 18 c3 73 53 fb eb 1a e2 da 98 22 e0 dc 21 fc d9 86 1e 7a b6 6a 26 3c 58 e7 2b 26 f1 f5 c3 ba 24 c0 d7 53 f6 da 50 99 28 1c 51 44 fe f0 03 e7 95 a8 be 7e a0 b3 83 05 4b 78 a5 7d 63 54 cb f7 4e a8 30 e5 ce 08 1e 03 32 4c d4 bf cf bd 7d 4f 7d 64 3b 3d c0 94 34 a9 7a 04 9e b6 fa 11 64 47 35 07 3d 25 a3 63 af 75 d0 94 05 3f 89 0f 6f 34 e6 43 36 c3 88 1c 50 69 a7 4d 0b 9e 57 92 86 2b 69 21 d8 5c 09 63 3d 20 c4 9b 68 46 d0 aa f6 aa 25 2e 14 a3 e1 df 17 3c ec 0d a8 79 b4 eb 83 9a c0 41 f0 54 a0 73 b7 0b a9 c0 a1 59 07 d7 b5 cd 64 dc e4 58 e8 63 a3 ed b3 26 41 b0 a5 6d 0e 74 7a 50 54 e5 0a d1 84 f5 43 4e aa 3d 6d 78 c9 c5 5a 65 04 00 9c 15 f5 04 3f 7a 72 55 a3 af 1e Data Ascii: U2//YC<m)S:sS"!zj&<X+&$SP(QD~Kx}cTN02L}O}d;=4zdG5=%cu?o4C6PiMW+i!\c= hF%.<yATsYdXc&AmtzPTCN=mxZe?zrU
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 4b a5 a4 23 25 23 38 09 18 b0 12 09 67 6e 96 d2 51 38 d4 8d ff a8 c0 b6 bb 38 23 cc f1 be 85 c6 af e9 b7 cf a2 52 69 d1 99 b9 f3 7f ed 37 c0 7a 7c ff 55 bc 87 9f 0b 4e 53 a3 0f d6 77 fd 9e 4a f2 8d f2 ef a0 15 a2 0e d2 e5 8b 64 df 44 29 ab 77 df cc a7 d2 1e f5 aa 00 7f 1f fe d7 ff 13 da a3 fb 0f fb 5f e6 ff 2e fd a9 fd 3f fb 3d f0 03 fc a3 fa 3f fd 0f 5d ef 5d 7f b3 de c2 9f ac 81 26 b3 ca bd 22 85 e0 d7 ee fe 68 31 91 c0 db 2f 4c 75 28 a3 f8 58 23 e9 e5 8d 91 ce a7 f8 72 93 b6 64 5b 4c 72 53 c4 b8 58 a9 13 b4 c3 ff fe 75 13 73 13 cc 1d a8 45 69 20 42 1a bc f8 3d 1f 56 4d 1a 80 0f 46 df 04 a3 46 de c7 61 ce 4e 42 3c d5 e9 7f fc 85 bd 93 c2 9b d2 2b eb 80 65 43 4f 08 33 ac 36 39 cb 3d 52 77 ab 08 57 0e 51 a9 41 e2 f7 14 a0 0b cc 19 65 5b 94 c5 3e 14 45 16 Data Ascii: K#%#8gnQ88#Ri7z\|UNSwJdD)w_.?=?]]&"h1/Lu(X#rd[LrSXusEi B=VMFFaNB<+eCO369=RwWQAe[>E
2024-09-20 12:29:06 UTC	1369	IN	Data Raw: 83 88 c3 8c 8d 30 d1 dc 57 10 dc f8 d0 d2 72 bf ae 9b 35 2d 01 fe 00 d1 c4 6d 4b 6a 5e 13 34 6e 27 2d a9 3a 7b 7d 1c 9f 81 f1 cd 8e 58 31 51 35 6e 05 aa 19 22 c5 d8 06 c7 fe 7d 2c 68 69 83 6a 27 e8 da d2 cb 9e 67 0b db f4 86 56 cf 53 b5 99 a5 41 ee 1c bc bb 53 ea 70 15 ab 90 d7 bf 45 d8 16 d3 47 86 00 03 58 d7 7e a6 68 cb d6 a8 6d e5 9c 49 d6 d5 e1 26 85 22 bf 90 4e 89 b3 23 28 f0 69 ba e6 69 07 78 82 f3 57 a4 75 69 06 37 99 ba ba aa 6a e6 40 2c 87 c1 93 67 68 e7 3e 32 bc 27 b2 3d e6 6c 0f 80 72 27 ef 33 88 cc 8b 8e 97 b3 fa c0 87 a2 ef 7f 0b 81 1b fa ce d8 bc 95 b0 1e b7 51 74 04 8e 49 9f 3a 31 a7 9c 11 8b ae a8 0a 69 df 88 a7 13 df 98 bd fc 29 21 e5 05 f0 55 65 be 6d 4d 67 f8 9e 26 15 59 7b a5 e1 73 2f 5a 65 3b 38 13 a1 42 2b 25 5e 81 4e 04 8a f9 20 cf Data Ascii: 0Wr5-mKj^4n'-:{}X1Q5n"},hij'gVSASpEGX~hmI&"N#(iixWui7j@,gh>2'=lr'3QtI:1i)!UemMg&Y{s/Ze;8B+%^N
2024-09-20 12:29:06 UTC	776	IN	Data Raw: 35 e5 0e 3f ae 1a a9 03 4a 20 80 e3 58 54 07 56 fa 02 61 91 a8 f7 e8 7e 1b 0f d4 0d 9b 33 d8 ae 58 e1 44 28 27 55 29 96 fb 1b 74 1f ad f2 cb 0b 58 4a e5 30 7e e7 ff 34 a9 a4 f6 0a d4 07 cd 81 20 a1 96 50 03 b8 55 d4 35 1c 85 cd bf 5c 82 53 24 f3 9d 34 33 e4 65 ea d1 1e f8 bc 03 56 0f bd 76 5b fa 39 29 6f 1a 33 11 a1 40 2e 5f a9 0b b3 36 14 33 c0 0e a8 90 44 a5 df a4 df 6b eb 6d 92 3f 1e f0 b5 5a b3 ad 27 c1 51 6b ac a5 62 4b b2 00 00 00 09 f8 59 00 5b 12 00 6c e4 5a 6d 11 ce 70 cc 3e ce 32 5d b2 bb 4b 14 61 db 7f e4 cb c5 7d a2 12 89 e4 7c 8a 3a cd e9 ed aa 74 70 b5 85 27 6a ab 2f 99 45 55 9f c6 7d b6 44 3b 24 47 f0 d6 2d 9c 22 41 95 1a 9d 1b 75 e1 52 43 91 00 dc e0 6f 58 1d aa bf a7 90 7f ea fb dc 36 87 ad e9 c7 f6 ae 45 a0 93 8c 84 b4 0a d1 f8 3b 46 00 Data Ascii: 5?J XTVa~3XD('U)tXJ0~4 PU5\S$43eVv[9)o3@._63Dkm?Z'QkbKY[lZmp>2]Ka}\|:tp'j/EU}D;$G-"AuRCoX6E;F

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:06 UTC	627	OUT	GET /recaptcha/api.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:06 UTC	749	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Fri, 20 Sep 2024 12:29:06 GMT Date: Fri, 20 Sep 2024 12:29:06 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: cross-origin Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-20 12:29:06 UTC	641	IN	Data Raw: 35 39 61 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 Data Ascii: 59a/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.g
2024-09-20 12:29:06 UTC	800	IN	Data Raw: 41 41 43 51 65 79 4a 76 63 6d 6c 6e 61 57 34 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 64 76 62 32 64 73 5a 53 35 6a 62 32 30 36 4e 44 51 7a 49 69 77 69 5a 6d 56 68 64 48 56 79 5a 53 49 36 49 6b 52 70 63 32 46 69 62 47 56 55 61 47 6c 79 5a 46 42 68 63 6e 52 35 55 33 52 76 63 6d 46 6e 5a 56 42 68 63 6e 52 70 64 47 6c 76 62 6d 6c 75 5a 7a 49 69 4c 43 4a 6c 65 48 42 70 63 6e 6b 69 4f 6a 45 33 4e 44 49 7a 4e 44 49 7a 4f 54 6b 73 49 6d 6c 7a 55 33 56 69 5a 47 39 74 59 57 6c 75 49 6a 70 30 63 6e 56 6c 4c 43 4a 70 63 31 52 6f 61 58 4a 6b 55 47 46 79 64 48 6b 69 4f 6e 52 79 64 57 56 39 27 3b 69 66 28 76 26 26 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 29 7b 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 2e Data Ascii: AACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.
2024-09-20 12:29:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:07 UTC	660	OUT	GET /655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:07 UTC	616	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:07 GMT Content-Type: image/png Content-Length: 5002 Connection: close x-amz-id-2: bFgTwodJJG5mDtD+rxPE2KwNVF/rFzNjz9XwG3gupt0i1usAevzx8TN1qnd6NazOqqld5niV+EA= x-amz-request-id: 4YCWPAEVDDMJMV8N Last-Modified: Wed, 22 Nov 2023 05:32:26 GMT ETag: "d360d7cfb07b3fdc3fbc56204caa4c06" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: ds4He9jpqLhVudpNkauPNw12aaYIjxRr CF-Cache-Status: HIT Age: 9743375 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1b82e824204-EWR
2024-09-20 12:29:07 UTC	753	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 4d 00 00 00 c0 08 06 00 00 00 80 a9 31 76 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 13 41 49 44 41 54 78 5e ed 9d 5b ac 1d 55 19 80 67 66 9f d3 f6 40 8a 28 09 97 16 6c 69 29 2d 21 be 00 0f 20 04 2d 41 43 1b 2a 17 49 23 f0 82 3e c8 03 2a 3e 68 8d f1 92 12 83 89 8a a6 51 43 94 f8 e2 13 5a 88 09 c1 96 a2 24 dc 09 6a d1 88 31 88 2d 4d 9b 9e 04 2a 37 e9 dd 9e 73 f6 38 b3 f7 9e bd 67 66 cf 65 ad 35 6b 66 d6 9e f9 9a 40 da ee 75 f9 d7 f7 ff f3 75 cd 65 9f b1 2d 7e 41 a0 65 04 36 be 74 e0 6e c7 72 7e 51 e6 b2 dd c8 e0 76 99 53 0d c6 76 2d d7 b2 f7 ef fc f8 f9 17 56 30 59 ab a7 a8 22 9b ad 06 cc e2 cd 23 50 b6 34 ab 17 a6 cf d8 9f d5 de bf 03 69 96 5e 70 48 b3 74 c4 4c 60 1a 81 b2 a4 59 9f 2c 03 Data Ascii: PNGIHDRM1vsBIT\|dAIDATx^[Ugf@(li)-! -ACI#>>hQCZ$j1-M*7s8gfe5kf@uue-~Ae6tnr~QvSv-V0Y"#P4i^pHtL`Y,
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: 8a 48 d3 b1 ad 23 ab 16 bb 4b b5 31 ce d8 43 9e 70 6d f7 6f 27 ac 6e b7 5b cd 46 f3 94 6b af fb eb fa 0b f6 6a 5b 5b 81 81 90 66 01 78 74 85 40 1e 81 3c 69 ea 90 65 10 83 36 69 0a 78 f0 84 f7 42 22 4f 9a 56 55 ef 4d 3a d5 b5 d7 20 cd bc 6a e3 73 08 34 80 40 96 34 8b 9e 8e c7 f1 20 cd 6a 0a 86 9d 66 35 9c 99 a5 a5 04 92 a4 39 be 91 1b 1c 86 a1 53 71 91 d3 71 ed d2 14 d8 61 06 73 b2 d3 6c 69 41 b3 6c 08 94 4d 20 2e cd c4 d3 f1 82 b2 2c 7c 7a 2e 21 4b a4 99 7f 43 ae ec 9a 62 7c 08 34 9a 40 58 9a 3a af 5f 26 41 53 3a 3d 57 10 a6 3f 37 3b cd 46 97 2d 8b 83 40 7d 04 02 69 7a cf 0b 85 ee 9e 8f 9f 8e eb b8 4e 26 25 4d 45 59 d6 b1 d3 f4 43 9d e3 46 50 7d 45 cc cc 10 a8 92 c0 b8 34 cb 11 a6 bf 26 61 69 16 14 66 95 3b 4d 3f 54 ff bf 79 a4 59 65 d9 32 17 04 ea 23 f0 Data Ascii: H#K1Cpmo'n[Fkj[[fxt@<ie6ixB"OVUM: js4@4 jf59SqqasliAlM .,\|z.!KCb\|4@X:_&AS:=W?7;F-@}izN&%MEYCFP}E4&aif;M?TyYe2#
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: c2 c2 8c 98 2a 6d 97 99 24 cc c8 9e b6 47 3d 22 cd 54 03 c6 8e 9e 40 98 69 5b cd a4 f8 9a 2a 4d 43 85 19 97 66 59 3b cc 20 ad 48 53 5c 62 55 b7 6c 8f 34 43 2b 1d fb 07 5f 59 9a e3 f2 5b e2 9d 65 0f 77 9a b2 bb cc 5c 69 0a 6c 55 bc 39 bd 56 93 b7 d3 8c a3 ac fa 48 10 40 1b ec 34 a5 84 29 30 6e d2 52 91 66 d5 05 20 3e 5f e3 a4 69 0f ae 69 0a ef 32 23 e7 db 32 bb cc e4 dd 62 b6 34 33 4e cb 35 09 73 b0 f7 9d 1c 69 4e 80 2c 83 c3 69 f9 74 d7 f2 f3 2b fc 4b 51 98 fe bf 7a dd 79 ae 69 0a 73 ae b8 61 63 a5 39 bc a6 18 93 91 ea 2e 73 7c d3 98 23 cd c4 1b 40 19 a7 e5 2d 97 66 2d 85 28 29 b5 65 9e 34 67 44 a5 29 39 f6 f0 b8 1f f4 43 9a 15 9b 50 62 ba 5a 6a 55 22 3e a9 a6 fe 8d 20 7f a7 29 bc cb 14 3a 2d ef db 2c 53 9a a1 0f 17 7b 07 d5 ca d3 a6 46 37 82 22 2b 28 f7 Data Ascii: m$G="T@i[MCfY; HS\bUl4C+_Y[ew\ilU9VH@4)0nRf >_ii2#2b43N5siN,it+KQzyisac9.s\|#@-f-()e4gD)9CPbZjU"> ):-,S{F7"+(
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: e8 27 3c 25 02 a9 d2 94 96 e5 c0 36 a5 5c bf 4c 7d c4 45 60 cd b9 3b cc e8 e3 44 fd f3 d0 bc 4b 05 93 72 4d d3 19 3c 72 94 c1 09 69 0a 14 11 4d 20 30 22 90 2f 4d 91 1b 27 03 a9 89 3d ac 2e f1 38 91 66 59 46 f7 44 09 b2 14 10 a6 7f 71 d6 b5 3d 69 5e 37 09 77 cf 91 26 07 3b 04 74 13 18 93 a6 f4 0e 53 f8 f9 4b 09 59 66 9e 0a e6 20 10 91 fc e0 b6 54 da dd f1 d4 19 06 63 b7 56 9a 82 77 cd 03 7e 9c 9e eb 3e 5c 19 cf 04 02 f6 ed bb f6 0c bf f7 36 ba 6e 95 1e 5a af 4d 4f 1e a2 8f 12 05 63 09 4a b3 84 dd e5 68 87 99 b2 bb cc db 61 c6 45 ec ba 5f 9a 8c e7 34 73 76 9a 85 4f cd b3 73 8a 34 4d 38 c4 89 41 37 01 fb f6 9d ff de 36 da 19 78 bf 13 3b c7 ee 75 91 68 2a 14 77 57 f7 80 c3 59 43 03 7b bf 4d 9c a6 9b f0 0d fa 94 78 e6 5d f7 d1 47 3e b5 f6 05 a1 45 d5 d4 e8 3b Data Ascii: '<%6\L}E`;DKrM<riM 0"/M'=.8fYFDq=i^7w&;tSKYf TcVw~>\6nZMOcJhaE_4svOs4M8A76x;uh*wWYC{Mx]G>E;
2024-09-20 12:29:07 UTC	142	IN	Data Raw: 9a 91 07 a2 c8 20 10 96 a6 b2 2c 53 4e dd 73 4e c7 e3 51 21 4d 2a 35 fa 4c 2f 3c 20 60 22 81 40 9a 51 c1 a5 9d 41 f7 57 20 72 fd d2 6f 87 34 4d cc b8 d9 31 b1 d3 34 3b 3f 44 e7 11 f0 a5 69 87 af 69 66 54 6d 49 b2 0c f2 c0 4e 93 8a 64 a7 49 0d 98 4f e0 f6 1d ff ba c1 b6 3b 8f 65 45 2a 72 dd 32 dc bf bf c3 94 dc 33 d8 ee 1f de eb 5a b7 f1 35 4a f3 6b a6 cc 08 ff 0f 7e 5c 70 68 8b 66 7f b7 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: ,SNsNQ!M5L/< `"@QAW ro4M14;?DiifTmINdIO;eEr23Z5Jk~\phfIENDB`

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:07 UTC	688	OUT	GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:07 UTC	644	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:07 GMT Content-Type: image/webp Content-Length: 6778 Connection: close x-amz-id-2: q9WmeyNbLppRoP/tZh1JsqIDd0b2FBNwwOZ4ijs/BFdm2BWl1lDtaE2HNscSGeOigk/+LHfOCLGwV2wdS8BxDa7dunLcqwl2bQDU/A6bhkw= x-amz-request-id: 7T7R9D8QPWM8C0B8 Last-Modified: Thu, 21 Dec 2023 07:39:51 GMT ETag: "2deea30793899f56a236f1ba505155ab" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: .9LTfep43eO88TqIHc3WnYAIb3vaJe3A CF-Cache-Status: HIT Age: 25288 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1b8bb6d4228-EWR
2024-09-20 12:29:07 UTC	725	IN	Data Raw: 52 49 46 46 72 1a 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 e1 00 00 81 00 00 41 4c 50 48 a1 08 00 00 05 47 a0 20 6d 03 66 f5 2f 79 cf 46 44 84 00 fc 1f de ac ed c9 33 49 da 36 14 6b 11 bf 11 b1 ea 7f 81 73 02 65 ce 11 54 4c 40 fd 21 f2 6f 7f 81 73 02 61 c7 08 32 e6 8d 04 38 3a e8 cf 5f 11 fd 77 28 db 4a dc dc 04 b7 c6 14 b3 08 92 3f 30 ff d7 d9 5c 0f 4d 80 81 3a cb 01 c6 40 3f 1e 3b 1e bd 1b 94 ec 6a 02 dd 45 b4 92 f6 a2 d2 91 3a 6b fd 0a 00 6a 48 44 64 2c f5 c3 77 a2 d0 48 9d a5 72 07 e8 00 d4 80 2c 93 b1 fd f0 11 d0 99 91 3a 2b e5 88 d8 76 47 86 db 46 d6 f6 c3 0f 0e d1 40 af ce 4a 38 c4 10 10 80 88 b9 f0 33 93 06 11 7d 68 d9 40 9d 85 ea e0 43 0c 1e 8d 61 2e 35 67 36 56 0d df f9 18 bc 07 51 27 6b 75 d6 01 43 6c 1b 82 e1 5c eb 91 d9 6a 50 b4 Data Ascii: RIFFrWEBPVP8XALPHG mf/yFD3I6kseTL@!osa28:_w(J?0\M:@?;jE:kjHDd,wHr,:+vGF@J83}h@Ca.5g6VQ'kuCl\jP
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: 59 c5 99 59 96 10 f6 10 71 88 f2 2d 5a 7d 26 f6 33 b8 1b d8 a9 42 34 5b 26 fa 88 4f 43 88 4b db 06 f9 60 e6 bb 5f ba 51 b0 5d 3b a8 9a 56 c2 de 30 8b 03 88 88 59 fb 54 a3 d1 91 a4 f7 05 0c 8c d1 2a 5a 51 67 60 8a ac b1 13 c3 8f d2 73 98 11 0f 72 db e9 42 b7 77 70 06 60 9a 10 e9 04 c0 75 62 2d 0d 00 8f 1e 87 ba 5a 15 bf 98 e4 ca f9 68 85 9b 39 a0 73 7d 71 30 2c a6 26 5d 94 c4 58 26 f1 d1 46 89 0f 33 8c 15 b5 46 c3 b2 4a 55 b9 d8 77 83 2f 88 6e 9c b5 12 33 11 38 f0 6a b7 4c c5 b2 1d e1 db 06 30 bc fd 34 b8 81 bd 1e fc 17 2e 6d bf 95 49 09 27 6a 13 51 11 ff 52 a6 16 f4 8a ac 1c dc 81 a2 3e c6 80 6e 3e 82 5f 68 74 a5 89 39 d7 c2 7c 0b 74 3e 78 3f 7c d8 c9 30 97 92 85 e0 63 10 47 bb 94 5c e5 6d 9b 04 33 d0 cc b7 a1 98 5c de 6a 2d 96 87 8c 6e 8c 52 7b 98 30 d7 Data Ascii: YYq-Z}&3B4[&OCK`_Q];V0YT*ZQg`srBwp`ub-Zh9s}q0,&]X&F3FJUw/n38jL04.mI'jQR>n>_ht9\|t>x?\|0cG\m3\j-nR{0
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: fc d6 a8 75 5d 7c 4a 8f d7 e8 c7 cd f5 58 3b f1 5b 6a 87 f8 ee 44 ad a7 72 9c af 9a 79 dd 6e 31 6d 29 22 40 13 6a b9 69 d4 f3 ac 85 56 05 7c dc f7 5d 45 73 3a 88 4b 91 b5 c8 c2 33 9c 8f 5b 0c 68 9c 3a 82 8c b1 9d 4b b2 2e ce fb 18 50 a1 84 fa cf 11 b4 f0 32 12 7d 1f 7b 10 d1 2e 09 33 ad 8b 93 82 f6 0c a4 26 ed 56 b9 40 cb e2 5a d1 81 b2 8a 22 0a 22 52 e6 63 dd cc 00 4c 2c b5 fe 4f 32 cb e2 54 c3 60 eb 8e 12 59 7a 37 30 c8 87 0a ac 5d 98 6d 64 fe bf b6 19 00 56 50 38 20 aa 11 00 00 d0 47 00 9d 01 2a e2 00 82 00 3e 6d 34 96 47 24 23 22 21 29 18 09 50 80 0d 89 64 08 72 b1 99 16 41 bd 7c f9 fd cf f7 3e 5e 8e 94 c8 cf 78 31 b6 ed 27 3c 3f e1 bd 4d f9 80 7e b4 f9 d2 fa 90 fe c1 fe e7 d4 3f f2 ff eb df b5 5e f3 be 83 7f ae 7f 80 fc 49 f9 00 fe 7f fd 97 d6 bb fe Data Ascii: u]\|JX;[jDryn1m)"@jiV\|]Es:K3[h:K.P2}{.3&V@Z""RcL,O2T`Yz70]mdVP8 G*>m4G$#"!)PdrA\|>^x1'<?M~?^I
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: 3c e3 28 c8 28 8f 62 9c 5a 96 d2 63 53 ec ca 8a 92 82 d7 5c ee 87 da a4 01 e9 f0 85 50 43 bd f1 f7 3c 7a 5b b6 66 be d1 1a 6a 17 32 fe 41 79 da bc 3f 8b 67 c5 fa b9 f1 e9 f0 ea 68 fb 64 0a 31 55 40 e4 a8 12 c3 d7 e0 c3 9a b7 4f e0 81 c4 f0 77 a3 22 55 04 a4 73 a6 fb f2 06 2b 28 a9 57 0f 2e 36 73 27 d9 09 b8 37 27 6b 69 ed 0a a4 d0 c9 2d 4e f7 65 9d 3b 2d 5d 1b 48 36 b3 e8 bd 65 e1 a2 23 95 fc 77 f9 09 be 0d ab 79 bb e5 3b e2 ec 93 61 60 10 a9 e6 1d 39 89 76 d4 02 a5 35 91 3d 5b 90 26 c5 b9 43 a4 5c 9a c8 4d 68 ef a8 49 a5 39 36 8b 8e 0d fd bb e2 db f8 5a 94 00 cc 21 4d 9b 2c 05 5d 1c d8 ce 2a 2f 97 e0 90 2b 0b c3 14 fc 47 ed 1e b6 57 d5 e4 7b 2a 60 1d 4e 9c b5 99 14 81 50 86 6b d6 b6 36 07 d3 3a ed ff 3b e7 3a 9d be 43 3e fc be 7a 56 1a 6e 02 70 9e f8 cf Data Ascii: <((bZcS\PC<z[fj2Ay?ghd1U@Ow"Us+(W.6s'7'ki-Ne;-]H6e#wy;a`9v5=[&C\MhI96Z!M,]/+GW{`NPk6:;:C>zVnp
2024-09-20 12:29:07 UTC	1369	IN	Data Raw: 3e 07 e1 8a 03 97 7e 0f f3 8f aa 3c 82 a6 18 c6 80 ce b8 dc 23 8b 54 2c 49 22 d8 e2 48 f2 39 0d d6 ba b2 d4 5d 75 1f 3b 10 50 e5 f4 74 c7 30 8b 89 17 77 01 5c 10 77 db f7 2f 50 47 ad 9b de 31 e0 4d a4 e6 3a e4 03 0e 0e 0f 83 7e 52 bf 51 8b 4c 9c 41 4b 57 9c b0 0e 7f 1e 17 12 e2 73 2e 6d 52 4d 98 87 34 a4 9c ef 62 c9 09 d4 71 5f 86 93 4c ca 50 13 71 39 8b 36 66 df 70 4e d2 c2 c4 a8 c0 be 57 bd 12 6f f9 9b e6 dc c7 24 6a 08 57 2d 3f 63 95 3b 9c e0 2e 26 dd 91 c0 18 ff 42 f7 a9 c2 5a bd d1 40 06 c3 10 7f c8 64 16 98 e0 35 9b 4b b2 5b ff 37 2e 3b 0a cc d0 ef dc 01 c0 f7 ee ef 7c 99 12 60 45 94 01 09 98 c0 03 5e f0 1f 8e c4 0b 0a 22 97 7c 2a d2 67 43 04 41 f4 67 ee cd 20 04 14 cb a7 54 30 1d 9b 3f 30 f5 42 c8 a5 4a 57 8e 07 0d bf a8 0d 99 0a 3e 99 f0 ab 4d 6d Data Ascii: >~<#T,I"H9]u;Pt0w\w/PG1M:~RQLAKWs.mRM4bq_LPq96fpNWo$jW-?c;.&BZ@d5K[7.;\|`E^"\|*gCAg T0?0BJW>Mm
2024-09-20 12:29:07 UTC	577	IN	Data Raw: 5a 0e 71 bf f6 9f d5 ce 49 ce a8 3c 5b 9c 3b 05 d1 d6 8f 0f d5 ec 5d 7f 10 99 50 13 bb b1 61 74 95 19 6f 8f c1 ac 07 37 08 b7 c6 03 a3 fa 61 f2 2f db e2 ca a4 d1 30 cb 00 79 91 22 d5 7f 6f 6b 1d d3 c3 6c dd 6e b6 ad 1a 09 76 98 90 dd b8 47 d6 31 13 c7 6b 16 25 ae 8d 55 c6 6e 69 68 7f a1 07 0b 60 03 af 61 53 6e 6a 09 e7 5b 0f 38 f5 2d 8d e7 04 db cc af cd 3d d7 6a c3 e0 3d 28 2f 55 fd 51 f2 be 5f ae 52 42 aa 04 12 0a 32 66 be 20 8a 1e 07 6a a5 90 4c 83 72 be 07 1f 13 64 75 41 76 6f 27 80 e0 f6 57 66 5e 9c 12 13 e7 b0 43 cc a1 f6 c4 ba 3b 93 d1 7f 42 dd d0 0f 4b 85 d3 cc 76 35 9e ab d9 d1 3a 5c 72 c3 ba 59 2d 76 06 a7 54 5c 66 bb 74 1c 8c c4 09 f5 cc b9 34 ff 09 8f fc 2d 77 b2 95 25 0a e0 98 32 cf 45 bb 46 86 9c a6 c9 cf 24 48 fa bc 76 90 0a ff 0d be 46 60 Data Ascii: ZqI<[;]Pato7a/0y"oklnvG1k%Unih`aSnj[8-=j=(/UQ_RB2f jLrduAvo'Wf^C;BKv5:\rY-vT\ft4-w%2EF$HvF`

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	715	OUT	GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	631	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:08 GMT Content-Type: image/svg+xml Content-Length: 654 Connection: close x-amz-id-2: iMwtTJTlsQic062ldR2tWWe/QpI/twW/kC08NAuSkE36Uv1Ip3dKhA5wwkH3rJWcJmGyDJqQCFeIpDIE2IHBQQ== x-amz-request-id: FVC6ENAZS09JPTQT Last-Modified: Wed, 13 Dec 2023 16:34:21 GMT ETag: "166c01555262c9617db663ec8a38364b" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: ZAs7majvHYt8oLX63btjRfdozrskAdOe CF-Cache-Status: HIT Age: 9743757 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1bf08d442e2-EWR
2024-09-20 12:29:09 UTC	654	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 38 2e 35 38 35 22 20 68 65 69 67 68 74 3d 22 31 39 2e 30 31 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 38 2e 35 38 35 20 31 39 2e 30 31 22 3e 0d 0a 20 20 3c 67 20 69 64 3d 22 47 72 6f 75 70 5f 32 35 36 33 33 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 47 72 6f 75 70 20 32 35 36 33 33 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 20 30 29 22 3e 0d 0a 20 20 20 20 3c 67 20 69 64 3d 22 47 72 6f 75 70 5f 35 35 35 33 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 47 72 6f 75 70 20 35 35 35 33 22 3e 0d 0a 20 20 20 20 20 20 3c 67 20 69 64 3d 22 45 6c 6c 69 70 73 65 5f 33 30 39 22 20 64 61 74 61 2d 6e 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="18.585" height="19.01" viewBox="0 0 18.585 19.01"> <g id="Group_25633" data-name="Group 25633" transform="translate(0 0)"> <g id="Group_5553" data-name="Group 5553"> <g id="Ellipse_309" data-na

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	561	OUT	GET /npm/medium-zoom@1.0.3/dist/medium-zoom.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	774	IN	HTTP/1.1 200 OK Connection: close Content-Length: 9224 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 1.0.3 X-JSD-Version-Type: version ETag: W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs" Accept-Ranges: bytes Age: 194015 Date: Fri, 20 Sep 2024 12:29:08 GMT X-Served-By: cache-fra-etou8220020-FRA, cache-ewr-kewr1740028-EWR X-Cache: HIT, MISS Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 2f 2a 21 20 6d 65 64 69 75 6d 2d 7a 6f 6f 6d 20 31 2e 30 2e 33 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 72 61 6e 63 6f 69 73 63 68 61 6c 69 66 6f 75 72 2f 6d 65 64 69 75 6d 2d 7a 6f 6f 6d 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 74 29 3a 65 2e 6d 65 64 69 75 6d 5a 6f 6f 6d 3d 74 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f Data Ascii: /! medium-zoom 1.0.3 \| MIT License \| https://github.com/francoischalifour/medium-zoom /!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):e.mediumZoom=t()}(this,functio
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 29 7b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 7c 7c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2c 69 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 74 79 6c 65 22 29 3b 69 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2c 22 74 6f 70 22 3d 3d 3d 6f 26 26 6e 2e 66 69 72 73 74 43 68 69 6c 64 3f 6e 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 69 2c 6e 2e 66 69 72 73 74 43 68 69 6c 64 29 3a 6e 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 69 29 2c 69 2e 73 74 79 6c 65 53 68 65 65 74 3f 69 2e 73 74 79 6c 65 53 68 65 65 74 2e 63 73 73 54 65 78 74 3d 65 3a 69 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 6f 63 Data Ascii: ypeof document){var n=document.head\|\|document.getElementsByTagName("head")[0],i=document.createElement("style");i.type="text/css","top"===o&&n.firstChild?n.insertBefore(i,n.firstChild):n.appendChild(i),i.styleSheet?i.styleSheet.cssText=e:i.appendChild(doc
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 6c 65 66 74 3a 30 2c 74 6f 70 3a 30 2c 72 69 67 68 74 3a 30 2c 62 6f 74 74 6f 6d 3a 30 7d 2c 74 3d 76 6f 69 64 20 30 2c 6f 3d 76 6f 69 64 20 30 3b 69 66 28 62 2e 63 6f 6e 74 61 69 6e 65 72 29 69 66 28 62 2e 63 6f 6e 74 61 69 6e 65 72 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 74 3d 28 65 3d 48 28 7b 7d 2c 65 2c 62 2e 63 6f 6e 74 61 69 6e 65 72 29 29 2e 77 69 64 74 68 2d 65 2e 6c 65 66 74 2d 65 2e 72 69 67 68 74 2d 32 2a 62 2e 6d 61 72 67 69 6e 2c 6f 3d 65 2e 68 65 69 67 68 74 2d 65 2e 74 6f 70 2d 65 2e 62 6f 74 74 6f 6d 2d 32 2a 62 2e 6d 61 72 67 69 6e 3b 65 6c 73 65 7b 76 61 72 20 6e 3d 28 43 28 62 2e 63 6f 6e 74 61 69 6e 65 72 29 3f 62 2e 63 6f 6e 74 61 69 6e 65 72 3a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 62 Data Ascii: left:0,top:0,right:0,bottom:0},t=void 0,o=void 0;if(b.container)if(b.container instanceof Object)t=(e=H({},e,b.container)).width-e.left-e.right-2b.margin,o=e.height-e.top-e.bottom-2b.margin;else{var n=(C(b.container)?b.container:document.querySelector(b
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 2e 73 63 72 6f 6c 6c 4c 65 66 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 4c 65 66 74 7c 7c 30 2c 61 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 2c 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2b 6c 2b 22 70 78 22 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 64 2b 63 2b 22 70 78 22 2c 61 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 72 2b 22 70 78 22 2c 61 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 6d 2b 22 70 78 22 2c 61 2e 73 74 79 6c 65 2e 74 72 61 6e 73 66 6f 72 6d 3d 22 22 2c 61 29 2c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 77 29 2c 62 2e 74 65 6d 70 6c 61 74 65 29 7b 76 61 72 20 75 3d 43 28 62 2e 74 Data Ascii: .scrollLeft\|\|document.body.scrollLeft\|\|0,a.removeAttribute("id"),a.style.position="absolute",a.style.top=i+l+"px",a.style.left=d+c+"px",a.style.width=r+"px",a.style.height=m+"px",a.style.transform="",a),document.body.appendChild(w),b.template){var u=C(b.t
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 68 29 2c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 7a 6f 6f 6d 65 64 48 64 29 2c 67 28 29 29 7d 2c 31 30 29 7d 65 6c 73 65 20 69 66 28 45 2e 6f 72 69 67 69 6e 61 6c 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 73 72 63 73 65 74 22 29 29 7b 45 2e 7a 6f 6f 6d 65 64 48 64 3d 45 2e 7a 6f 6f 6d 65 64 2e 63 6c 6f 6e 65 4e 6f 64 65 28 29 2c 45 2e 7a 6f 6f 6d 65 64 48 64 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 73 69 7a 65 73 22 29 3b 76 61 72 20 66 3d 45 2e 7a 6f 6f 6d 65 64 48 64 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 45 2e 7a 6f 6f 6d 65 64 48 64 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 Data Ascii: tener("click",h),document.body.appendChild(E.zoomedHd),g())},10)}else if(E.original.hasAttribute("srcset")){E.zoomedHd=E.zoomed.cloneNode(),E.zoomedHd.removeAttribute("sizes");var f=E.zoomedHd.addEventListener("load",function(){E.zoomedHd.removeEventListe
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 6e 20 45 2e 6f 72 69 67 69 6e 61 6c 3f 68 28 29 3a 69 28 7b 74 61 72 67 65 74 3a 65 7d 29 7d 2c 76 3d 5b 5d 2c 72 3d 5b 5d 2c 7a 3d 21 31 2c 79 3d 30 2c 62 3d 6f 2c 45 3d 7b 6f 72 69 67 69 6e 61 6c 3a 6e 75 6c 6c 2c 7a 6f 6f 6d 65 64 3a 6e 75 6c 6c 2c 7a 6f 6f 6d 65 64 48 64 3a 6e 75 6c 6c 2c 74 65 6d 70 6c 61 74 65 3a 6e 75 6c 6c 7d 3b 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3d 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 65 29 3f 62 3d 65 3a 28 65 7c 7c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 29 26 26 6e 28 65 29 2c 62 3d 48 28 7b 6d 61 72 67 69 6e 3a 30 2c 62 61 63 6b 67 72 6f 75 6e 64 3a 22 23 66 66 66 22 2c 73 63 72 6f 6c 6c 4f 66 66 73 65 74 3a 34 30 2c 63 6f 6e 74 61 69 Data Ascii: n E.original?h():i({target:e})},v=[],r=[],z=!1,y=0,b=o,E={original:null,zoomed:null,zoomedHd:null,template:null};"[object Object]"===Object.prototype.toString.call(e)?b=e:(e\|\|"string"==typeof e)&&n(e),b=H({margin:0,background:"#fff",scrollOffset:40,contai
2024-09-20 12:29:09 UTC	956	IN	Data Raw: 65 29 29 7d 2c 61 74 74 61 63 68 3a 6e 2c 64 65 74 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 65 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 74 3d 41 72 72 61 79 28 65 29 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 74 5b 6f 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 6f 5d 3b 45 2e 7a 6f 6f 6d 65 64 26 26 68 28 29 3b 76 61 72 20 6e 3d 30 3c 74 2e 6c 65 6e 67 74 68 3f 74 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 5b 5d 2e 63 6f 6e 63 61 74 28 65 2c 6c 28 74 29 29 7d 2c 5b 5d 29 3a 76 3b 72 65 74 75 72 6e 20 6e 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 6d 65 64 69 75 6d 2d 7a 6f 6f 6d 2d 69 6d 61 67 65 22 29 2c 65 Data Ascii: e))},attach:n,detach:function(){for(var e=arguments.length,t=Array(e),o=0;o<e;o++)t[o]=arguments[o];E.zoomed&&h();var n=0<t.length?t.reduce(function(e,t){return[].concat(e,l(t))},[]):v;return n.forEach(function(e){e.classList.remove("medium-zoom-image"),e

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	563	OUT	GET /npm/@finsweet/attributes-richtext@1/richtext.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:08 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 8519 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 1.10.2 X-JSD-Version-Type: version ETag: W/"2147-I41v+oq443LPQB6aPqMil27q9QY" Accept-Ranges: bytes Age: 34647 Date: Fri, 20 Sep 2024 12:29:08 GMT X-Served-By: cache-fra-eddf8230147-FRA, cache-ewr-kewr1740059-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-09-20 12:29:08 UTC	1378	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 28 29 3d 3e 7b 76 61 72 20 6d 74 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 54 74 3d 28 74 2c 65 2c 6f 29 3d 3e 65 20 69 6e 20 74 3f 6d 74 28 74 2c 65 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 6f 7d 29 3a 74 5b 65 5d 3d 6f 3b 76 61 72 20 76 3d 28 74 2c 65 2c 6f 29 3d 3e 28 54 74 28 74 2c 74 79 70 65 6f 66 20 65 21 3d 22 73 79 6d 62 6f 6c 22 3f 65 2b 22 22 3a 65 2c 6f 29 2c 6f 29 3b 76 61 72 20 66 3d 22 66 73 2d 61 74 74 72 69 62 75 74 65 73 22 3b 76 61 72 20 48 3d 22 63 6d 73 61 74 74 72 69 62 75 74 65 22 3b 76 61 72 20 45 3d 22 72 69 63 68 74 65 78 74 22 3b 76 61 72 20 Data Ascii: "use strict";(()=>{var mt=Object.defineProperty;var Tt=(t,e,o)=>e in t?mt(t,e,{enumerable:!0,configurable:!0,writable:!0,value:o}):t[e]=o;var v=(t,e,o)=>(Tt(t,typeof e!="symbol"?e+"":e,o),o);var f="fs-attributes";var H="cmsattribute";var E="richtext";var
2024-09-20 12:29:08 UTC	1378	IN	Data Raw: 69 3d 64 28 29 3b 72 26 26 69 26 26 28 72 2e 64 65 73 74 72 6f 79 28 29 2c 72 2e 69 6e 69 74 28 7b 73 69 74 65 49 64 3a 69 2c 61 70 69 55 72 6c 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6e 64 65 72 2e 77 65 62 66 6c 6f 77 2e 63 6f 6d 22 7d 29 29 7d 69 66 28 74 21 3d 6e 75 6c 6c 26 26 74 2e 69 6e 63 6c 75 64 65 73 28 22 6c 69 67 68 74 62 6f 78 22 29 26 26 28 28 6f 3d 65 2e 72 65 71 75 69 72 65 28 22 6c 69 67 68 74 62 6f 78 22 29 29 3d 3d 6e 75 6c 6c 7c 7c 6f 2e 72 65 61 64 79 28 29 29 2c 74 21 3d 6e 75 6c 6c 26 26 74 2e 69 6e 63 6c 75 64 65 73 28 22 73 6c 69 64 65 72 22 29 29 7b 6c 65 74 20 72 3d 65 2e 72 65 71 75 69 72 65 28 22 73 6c 69 64 65 72 22 29 3b 72 26 26 28 72 2e 72 65 64 72 61 77 28 29 2c 72 2e 72 65 61 64 79 28 29 29 7d 72 65 74 75 72 6e 20 74 21 3d Data Ascii: i=d();r&&i&&(r.destroy(),r.init({siteId:i,apiUrl:"https://render.webflow.com"}))}if(t!=null&&t.includes("lightbox")&&((o=e.require("lightbox"))==null\|\|o.ready()),t!=null&&t.includes("slider")){let r=e.require("slider");r&&(r.redraw(),r.ready())}return t!=
2024-09-20 12:29:08 UTC	1378	IN	Data Raw: 28 73 29 7d 72 65 74 75 72 6e 5b 65 2c 6f 2c 28 72 2c 69 29 3d 3e 7b 6c 65 74 20 73 3d 74 5b 69 5d 3b 72 65 74 75 72 6e 20 73 3f 72 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 73 2e 6b 65 79 29 3a 6e 75 6c 6c 7d 5d 7d 3b 76 61 72 20 78 3d 7b 70 72 65 76 65 6e 74 4c 6f 61 64 3a 7b 6b 65 79 3a 60 24 7b 66 7d 2d 70 72 65 76 65 6e 74 6c 6f 61 64 60 7d 2c 64 65 62 75 67 4d 6f 64 65 3a 7b 6b 65 79 3a 60 24 7b 66 7d 2d 64 65 62 75 67 60 7d 2c 73 72 63 3a 7b 6b 65 79 3a 22 73 72 63 22 2c 76 61 6c 75 65 73 3a 7b 66 69 6e 73 77 65 65 74 3a 22 40 66 69 6e 73 77 65 65 74 2f 61 74 74 72 69 62 75 74 65 73 22 7d 7d 2c 64 65 76 3a 7b 6b 65 79 3a 60 24 7b 66 7d 2d 64 65 76 60 7d 7d 2c 5b 4d 2c 62 65 5d 3d 77 28 78 29 3b 76 61 72 20 58 3d 74 3d 3e 7b 6c 65 74 7b 63 75 72 72 Data Ascii: (s)}return[e,o,(r,i)=>{let s=t[i];return s?r.getAttribute(s.key):null}]};var x={preventLoad:{key:`${f}-preventload`},debugMode:{key:`${f}-debug`},src:{key:"src",values:{finsweet:"@finsweet/attributes"}},dev:{key:`${f}-dev`}},[M,be]=w(x);var X=t=>{let{curr
2024-09-20 12:29:08 UTC	1378	IN	Data Raw: 65 65 74 22 2c 7b 6f 70 65 72 61 74 6f 72 3a 22 63 6f 6e 74 61 69 6e 73 22 7d 29 2c 65 3d 4d 28 22 64 65 76 22 29 3b 72 65 74 75 72 6e 5b 2e 2e 2e 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 60 73 63 72 69 70 74 24 7b 74 7d 2c 20 73 63 72 69 70 74 24 7b 65 7d 60 29 5d 2e 72 65 64 75 63 65 28 28 72 2c 69 29 3d 3e 7b 76 61 72 20 63 3b 6c 65 74 20 73 3d 69 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 78 2e 64 65 76 2e 6b 65 79 29 7c 7c 28 28 63 3d 69 2e 73 72 63 2e 6d 61 74 63 68 28 2f 5b 5c 77 2d 2e 20 5d 2b 28 3f 3d 28 5c 2e 6a 73 29 24 29 2f 29 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 63 5b 30 5d 29 3b 72 65 74 75 72 6e 20 73 26 26 21 72 2e 69 6e 63 6c 75 64 65 73 28 73 29 26 26 72 2e 70 75 73 68 28 73 29 2c 72 7d 2c 5b Data Ascii: eet",{operator:"contains"}),e=M("dev");return[...document.querySelectorAll(`script${t}, script${e}`)].reduce((r,i)=>{var c;let s=i.getAttribute(x.dev.key)\|\|((c=i.src.match(/[\w-. ]+(?=(\.js)$)/))==null?void 0:c[0]);return s&&!r.includes(s)&&r.push(s),r},[
2024-09-20 12:29:08 UTC	1378	IN	Data Raw: 75 3d 68 28 29 2c 6c 3d 61 7c 7c 6f 2c 41 3d 28 69 3d 28 72 3d 75 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 75 2e 67 65 74 54 69 6d 65 28 29 29 21 3d 6e 75 6c 6c 3f 72 3a 6e 29 21 3d 6e 75 6c 6c 3f 69 3a 31 2c 70 3d 6c 3f 61 77 61 69 74 20 52 74 28 6c 2c 41 29 3a 6e 75 6c 6c 3b 69 66 28 21 70 29 7b 6c 65 74 7b 70 61 67 65 3a 5f 7d 3d 61 77 61 69 74 20 6f 74 28 73 29 3b 72 65 74 75 72 6e 20 5f 7d 6c 65 74 20 44 3d 61 77 61 69 74 20 49 74 28 70 2c 73 2e 68 72 65 66 29 3b 69 66 28 44 29 7b 6c 65 74 20 5f 3d 4e 28 44 29 3b 72 65 74 75 72 6e 20 65 26 26 21 6e 74 28 5f 2c 61 29 26 26 65 74 28 70 2c 73 2c 61 2c 65 29 2c 5f 7d 72 65 74 75 72 6e 20 61 77 61 69 74 20 65 74 28 70 2c 73 2c 61 2c 65 29 7d 63 61 74 63 68 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 2c 79 Data Ascii: u=h(),l=a\|\|o,A=(i=(r=u==null?void 0:u.getTime())!=null?r:n)!=null?i:1,p=l?await Rt(l,A):null;if(!p){let{page:_}=await ot(s);return _}let D=await It(p,s.href);if(D){let _=N(D);return e&&!nt(_,a)&&et(p,s,a,e),_}return await et(p,s,a,e)}catch{return null}},y
2024-09-20 12:29:09 UTC	1378	IN	Data Raw: 60 22 29 2e 72 65 70 6c 61 63 65 28 2f 28 26 23 78 32 37 3b 29 2f 67 2c 22 27 22 29 2e 72 65 70 6c 61 63 65 28 2f 28 3c 62 72 3e 29 2f 67 2c 60 0a 60 29 3b 76 61 72 20 69 74 3d 5b 5d 2c 7b 6f 72 69 67 69 6e 3a 68 74 2c 68 72 65 66 3a 50 74 7d 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 61 74 3d 61 73 79 6e 63 20 74 3d 3e 7b 6c 65 74 5b 65 5d 3d 74 2e 6d 61 74 63 68 28 62 29 7c 7c 5b 5d 3b 69 66 28 21 65 29 72 65 74 75 72 6e 3b 6c 65 74 20 6f 3d 65 2e 72 65 70 6c 61 63 65 28 5a 2c 22 22 29 2e 74 72 69 6d 28 29 3b 69 66 28 21 4f 2e 74 65 73 74 28 6f 29 29 7b 6c 65 74 20 61 3d 61 77 61 69 74 20 63 74 28 6f 29 3b 72 65 74 75 72 6e 20 61 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 61 2e 6f 75 74 65 72 48 54 4d 4c 7d 6c 65 74 5b 72 5d 3d 6f 2e 73 70 6c 69 Data Ascii: `").replace(/(')/g,"'").replace(/(<br>)/g,``);var it=[],{origin:ht,href:Pt}=window.location,at=async t=>{let[e]=t.match(b)\|\|[];if(!e)return;let o=e.replace(Z,"").trim();if(!O.test(o)){let a=await ct(o);return a==null?void 0:a.outerHTML}let[r]=o.spli
2024-09-20 12:29:09 UTC	251	IN	Data Raw: 3a 22 70 72 65 66 69 78 65 64 22 7d 29 7d 60 29 5d 3b 72 65 74 75 72 6e 20 61 77 61 69 74 20 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 74 2e 6d 61 70 28 44 74 29 29 2c 4b 28 45 2c 74 29 7d 2c 44 74 3d 61 73 79 6e 63 20 74 3d 3e 7b 6c 65 74 20 65 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 42 74 29 3d 3d 3d 4f 74 2e 74 72 75 65 2c 6f 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 55 74 29 3d 3d 3d 4e 74 2e 74 72 75 65 2c 6e 3d 74 74 28 74 29 3b 61 77 61 69 74 20 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 6e 2e 6d 61 70 28 72 3d 3e 6c 74 28 72 2c 65 29 29 29 2c 6f 26 26 61 77 61 69 74 20 50 28 5b 22 69 78 32 22 5d 29 7d 3b 6a 28 7b 69 6e 69 74 3a 70 74 2c 76 65 72 73 69 6f 6e 3a 71 2c 61 74 74 72 69 62 75 74 65 4b 65 79 3a 45 7d 29 3b 7d 29 28 29 3b 0a Data Ascii: :"prefixed"})}`)];return await Promise.all(t.map(Dt)),K(E,t)},Dt=async t=>{let e=t.getAttribute(Bt)===Ot.true,o=t.getAttribute(Ut)===Nt.true,n=tt(t);await Promise.all(n.map(r=>lt(r,e))),o&&await P(["ix2"])};j({init:pt,version:q,attributeKey:E});})();

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	670	OUT	GET /6579dd0b5f9a54376d296915/66abcfee331da80089b29d7e_Huntress%20Logo%20Wide%20Teal.webp HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	649	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:08 GMT Content-Type: image/webp Content-Length: 9574 Connection: close x-amz-id-2: aY+XrVSaeuY04pbFKxvYMel2wqlSamjPVhvFeOFl5lMqiLc1XgQ3b52KJzUr52YWvQKbfnfzGfxaCRb2pLtUJaG60q05ZJqHUepNSxQ/ofM= x-amz-request-id: X3PS9QG1GWF94035 Last-Modified: Thu, 01 Aug 2024 18:11:59 GMT ETag: "4d43f1ba43ff10e933af8c3cba746277" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: fAbeElApcA4jQlgHVcKv6DhyLXOyvQel CF-Cache-Status: HIT Age: 3852706 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1bef80841ef-EWR
2024-09-20 12:29:09 UTC	720	IN	Data Raw: 52 49 46 46 5e 25 00 00 57 45 42 50 56 50 38 4c 52 25 00 00 2f 8d 02 25 10 2a 4d f3 ff 2b db 23 37 7e e9 fd 36 bc 72 92 a5 d9 03 9a 7e a4 fb fa ff ff e7 7e 24 99 9e 70 7a 15 4e 5e c8 c0 75 ae 73 ce 75 dd 50 f1 b5 fa 85 a9 4b 95 28 cc ca 6e 5c bd 35 43 b7 6b 20 cc cc d9 b1 d9 32 ec 18 56 1c 66 66 66 66 4e 54 f2 94 61 17 66 46 2d c3 e9 ad 99 ef 81 95 d9 c3 5d 0e 33 33 33 33 27 dd 1d 66 92 63 66 87 39 0a ae 98 99 35 61 56 8a 99 51 13 ee 5d 98 99 b1 57 6d 66 66 b6 97 cc 0a 9b 19 7e e1 28 0c a6 5d 98 c9 cc ee 09 33 a3 2a a6 30 93 99 99 99 06 14 ce 8c 14 de 33 a9 a6 3a cc 6c 66 5c b9 b7 c6 50 57 99 ee 2a b3 ad 70 d2 d3 55 61 e6 64 50 61 d6 84 99 cc b6 32 66 66 da b9 a6 7c db b6 6d bb 6d 6c 5b fc 0b c7 85 89 06 46 2f a5 b4 3e 38 68 c4 05 71 d3 1b 5e f5 01 fa 1f Data Ascii: RIFF^%WEBPVP8LR%/%M+#7~6r~~$pzN^usuPK(n\5Ck 2VffffNTafF-]3333'fcf95aVQ]Wmff~(]303:lf\PW*pUadPa2ff\|mml[F/>8hq^
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: d7 4f 40 f2 31 ab c6 8f f0 95 b9 1e e2 8e 4d cf bc da 8d ca b8 64 a3 aa 83 9b 93 ba 48 c3 25 8e a6 1b ef 17 80 26 be b8 32 3c 73 17 ff 5c ac 96 0d fd 14 a4 d9 3f 97 df 04 d4 eb 20 d0 5c cf 79 e7 8a f9 6d d2 a3 d7 f7 af 55 4f e2 a8 7a 29 2c 27 00 90 46 c6 70 81 24 55 43 a0 c7 f0 6a 76 87 28 6e 17 91 d4 fc 6b a1 b4 ee ef 27 a0 fe 61 91 1a 40 aa 3d 5a e5 b8 af 45 0e 00 47 9c 80 b4 28 18 fd e3 1f 30 80 61 dc de 66 10 2e 72 47 6a 6e 35 f6 81 07 d8 28 a5 36 5e 24 51 e9 2c d8 0c 1d 40 aa f5 5f 67 ed 43 b9 09 06 91 92 b7 3a 78 4c 05 96 b8 3e 60 8b 2c a7 a0 ea a6 3b 37 3d 00 e8 8a 4e b1 df ac e5 59 18 23 04 00 9a 9a 9a ed 5a c3 aa 6b a2 28 92 7d bd ed f7 3a e8 6a de 86 90 02 95 d9 39 94 35 0f 58 fe 0e 23 4d 67 de 08 20 9e 02 a2 e8 14 54 bd 50 70 46 f4 19 6d 44 5b Data Ascii: O@1MdH%&2<s\? \ymUOz),'Fp$UCjv(nk'a@=ZEG(0af.rGjn5(6^$Q,@_gC:xL>`,;7=NY#Zk(}:j95X#Mg TPpFmD[
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: e3 49 2e b8 cf 4a 9a 75 cc f4 40 e2 fb 55 ca 20 b2 ca ca 46 6a 1a 11 4f 01 ad 9d 45 44 b5 de c3 4c 60 b7 c6 7a 28 5a 03 a8 a9 7a d4 f6 07 3f 1e 38 b9 8b d5 d7 f7 98 58 fc f3 3d ae c6 44 11 75 de 78 bb 2b ee 76 d7 41 2a a3 5b 92 2a 3c b7 17 ac 86 48 09 ab 6a 4d d1 b4 04 62 09 ac ea ab 3f 7f cf 97 56 dd fd 9c 32 68 3c 72 71 b5 ec d3 47 6c 31 98 86 56 8a ff 1a 58 ec ed 1d e0 ed f8 16 c8 6c 11 08 68 78 a8 ae f2 dc 2b 11 75 03 56 d4 9c 2f 32 dc 59 b5 bb 3a b4 2e 44 e4 2a eb ca 5f ce 2b c9 7d af 6a 68 84 b3 ba ce ed 13 f7 7d 59 5d 73 27 78 f0 fb 4e 50 b4 47 ab 4b d2 eb 6e 3f 4e 28 5a fc c7 42 47 87 d5 aa 64 b6 ba 10 90 aa f4 51 a4 07 cd c6 c0 67 7a e7 f6 12 06 60 e1 f9 48 f4 3c d9 80 51 eb 42 a0 ba 58 c0 4f 3f a6 ab a2 6b 9b 77 1f 14 5b 9f 54 8a 0b e5 dc 11 57 Data Ascii: I.Ju@U FjOEDL`z(Zz?8X=Dux+vA[<HjMb?V2h<rqGl1VXlhx+uV/2Y:.D*_+}jh}Y]s'xNPGKn?N(ZBGdQgz`H<QBXO?kw[TW
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 54 6a 84 0e d1 a9 2e ac 32 2a 69 11 12 9e 89 46 7f be c7 9d 17 76 10 45 bf 33 42 2c 31 11 9e 60 d8 bc 16 c3 9c 0b 68 95 ff 08 4d ef 92 16 8c e0 55 12 00 44 36 7c 6c 9e 27 77 97 c5 c6 52 b3 e3 7d fd 88 77 93 e8 2b ad fb f9 c4 aa cc 5a 11 cf e6 1e bf fe 00 a5 b9 0c 9d 56 c7 06 5b fe 2e b2 30 8d b8 ac 99 89 4c 3a c7 06 5b 21 5b 0d 13 55 5b 5b 24 83 2c 5c 40 49 d4 28 ce 09 c6 16 18 c4 74 5b aa ab e7 df 5d 58 c4 24 b2 1c 41 65 0f 24 82 eb 4f 83 51 8f 0b 41 64 d1 ff 8a e0 cb eb a5 99 ba 9d f0 96 43 4f 35 e4 f8 5a e2 be dd b5 df 4e e8 63 2e 6b c1 da 12 1f 80 2e d8 0a ac f9 dd 6d f1 94 3a 9d 65 66 84 39 a1 89 32 27 a4 3a a7 1b c3 2d 0f 7e 3c 70 92 a4 5e 33 86 2a f9 fb 95 a4 fd 36 5a 7c e3 5a e1 7e 35 d6 d2 67 e9 bf 01 00 b4 26 7c fd 91 f3 42 d2 6d 99 de 0d ec 25 Data Ascii: Tj.2iFvE3B,1`hMUD6\|l'wR}w+ZV[.0L:[![U[[$,\@I(t[]X$Ae$OQAdCO5ZNc.k.m:ef92':-~<p^36Z\|Z~5g&\|Bm%
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 80 37 b2 37 a2 e8 92 78 54 9a e6 bd 36 71 e0 db 11 42 b3 d5 f7 d3 03 28 19 4b 4e c6 4c 38 3d 00 a7 ee 7b ff bd 2e e9 92 0e 30 8c e7 d0 f1 8c 62 90 28 93 26 e4 0f b0 7a 80 34 9c 7b f7 26 ca 21 05 23 4f 2f 15 20 03 a3 d3 ea bf 53 0e b9 db 03 8f 13 da 16 4e e1 f7 b2 9a 96 e7 22 cf 61 a7 1c f1 2f 81 8b 58 1a f9 d7 fd be 54 7f fd c0 10 cd 6d 00 b0 aa f4 4d 38 bd 2e 09 4e ec 23 7e e0 0d 74 b8 93 99 96 ea 9b e7 7e 32 5b 01 d8 47 b3 84 3d 2d 87 86 29 e9 80 51 e7 50 de 96 e4 41 39 7c 47 53 da c0 e0 8a 67 77 59 c5 4b 1e 67 d9 3a 8e e1 7f 29 42 4d 15 f8 27 26 1b a7 7a 7a f0 ee 9e 2c 44 0c 61 22 be 96 29 cb 69 65 6d a7 89 36 8b 38 79 0c 80 7d f5 a9 ee 4d eb 96 20 f1 3d 8c 2b 0c e3 6b 60 27 5b 49 b3 58 5f 4f 4c 24 52 41 ac 98 73 99 dc 22 c0 f2 5a fa 92 23 4b 95 41 59 Data Ascii: 77xT6qB(KNL8={.0b(&z4{&!#O/ SN"a/XTmM8.N#~t~2[G=-)QPA9\|GSgwYKg:)BM'&zz,Da")iem68y}M =+k`'[IX_OL$RAs"Z#KAY
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 6a 7a b2 5f 16 63 e9 e4 f9 f3 11 5a 59 c9 dc 9c d4 2a a8 08 8b cc 56 fb d4 05 87 ec 93 43 95 3e 63 55 4f 56 31 2b 61 e1 d7 a6 ff 94 01 38 94 8f f8 2b d3 00 d1 d0 a0 9b c8 ad 45 3a 75 07 30 66 16 49 1d 9a db 92 0d be 11 6e c6 2a d9 af 8d b8 de ca fc e7 6f d3 91 ae fd 9a 62 4c 2f bf 47 8a 8d 00 c0 d0 53 c8 ff ad d0 17 8c 78 f5 c9 b2 fb 85 f2 03 45 98 59 7a d6 3c ba b0 35 92 ad ba 7a c4 4b 6c b5 a1 be e0 17 58 8d 7b 6e 40 e4 85 91 f3 6e 5c 5c 6e 27 cc 42 ab ef 56 c8 82 87 b8 3c a0 b7 ef 41 fb 1d 46 5d 4b 11 68 32 1f 56 0f d9 56 6e 93 8f 84 5a bd 00 30 83 e4 b9 b6 a5 53 8d 78 3e a9 fe e0 d8 08 59 88 54 06 02 56 1d 09 ca 32 89 e1 bb 49 21 6d e5 dc 7e b2 42 eb 7e 7b 62 bc 8c 30 d5 db 89 a9 de 2f 23 f7 c6 b3 b6 bf 08 51 3d 0c e3 5b 4a f5 9f 4d af 22 dc 4c 48 ab Data Ascii: jz_cZYVC>cUOV1+a8+E:u0fInobL/GSxEYz<5zKlX{n@n\\n'BV<AF]Kh2VVnZ0Sx>YTV2I!m~B~{b0/#Q=[JM"LH
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 0c 61 17 ab ba cb d0 83 05 b0 c9 a3 23 29 e6 07 60 bc e8 45 18 bf 1c 00 a5 ac 00 2e d9 30 fb 5c 89 6d 01 67 39 ab 52 cf f5 26 ab 37 6d 6b 9d 08 9b 8b a1 52 5a cc 96 59 bd de a9 57 ec 58 10 fc 97 2a 26 56 82 f6 28 10 53 70 72 cb f8 24 26 42 5e e8 ca ba ae 74 56 db 0c b5 6c f8 c7 00 8e 8b 24 17 b9 50 06 a0 61 20 86 0e 92 9c bd 6e 20 5b 49 6f 3b 84 fd bf d2 fe 60 ea 56 a5 6d bb 2d 3b aa 07 61 49 74 a4 31 af 23 66 c9 9f 1a b6 ea 84 16 80 26 be e9 46 a5 34 97 46 1c be 0b db a5 79 79 73 dc 95 fa 04 7f ac 4d 8c 5a 17 82 45 3e ce f6 7c 69 53 54 c1 6a 57 b5 ae fd 4a 85 41 17 cd 04 86 4a 7c 3e 5c 00 c6 38 d2 ab f2 f0 a9 01 38 26 39 e8 95 03 67 6e ba c6 70 57 e1 1d 00 56 39 15 6a b2 3d d0 0a 10 2a ec 44 78 d3 db 8e a0 58 69 98 55 10 5b 01 32 27 e3 ac 0a 3d e6 6f 8f Data Ascii: a#)`E.0\mg9R&7mkRZYWX&V(Spr$&B^tVl$Pa n [Io;`Vm-;aIt1#f&F4FyysMZE>\|iSTjWJAJ\|>\88&9gnpWV9j=DxXiU[2'=o
2024-09-20 12:29:09 UTC	640	IN	Data Raw: 92 d7 55 0b 81 be be c7 54 ab 0e 20 0f e0 50 02 f2 07 29 ae 50 cb 95 12 5e d8 db 00 9c e5 07 f1 17 d4 43 30 e5 e5 85 f0 e3 bc d0 f3 0f 02 f4 f5 c4 6c ac a5 a8 da 95 8c 36 4a 01 e7 1a a0 f2 df 32 67 87 a8 8d 3e 45 c9 db 00 f2 7a 1f f6 f8 20 00 83 2e 9a 1b 97 38 4f e4 9a 00 e0 07 2c 2a 38 e1 17 83 3a e9 fd 32 d9 0b 21 b5 6e 7f ad 9e a7 60 18 a0 9c 64 3a 45 1f 69 12 8d 19 00 a6 3d 05 a6 35 a8 97 36 cf 8f c4 96 0d 41 24 ff c2 96 b3 b5 84 d7 fd fd 04 84 00 77 f1 eb c6 26 58 e0 8e 1b 3d e0 50 be c0 4e e4 6a 26 38 70 55 1f c3 a3 30 f2 21 aa ae 99 d5 1d 76 a3 c5 37 b5 08 68 dc e3 50 6b 8e e3 69 03 f8 f4 be 9b a9 9b 00 b7 b2 8d 08 ef 06 b4 7e a9 96 99 25 68 7a bb 59 c6 2e 94 85 25 31 72 5e de 00 c0 e6 3e 6d 94 c6 e1 e0 c7 03 07 10 f0 f4 cd ac 9f 00 db 37 dd 88 2b Data Ascii: UT P)P^C0l6J2g>Ez .8O,*8:2!n`d:Ei=56A$w&X=PNj&8pU0!v7hPki~%hzY.%1r^>m7+

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	676	OUT	GET /655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	619	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:08 GMT Content-Type: image/svg+xml Content-Length: 407 Connection: close x-amz-id-2: iNGut8bC/ryAFxlgEGt3yoo5ijja+4Jl6ix5fm6TBtea9dOyTIKNnMhz2rL0wq1mDAjErOlaVGU= x-amz-request-id: FVC7HZ8HVBFX4HXK Last-Modified: Fri, 24 Nov 2023 10:23:48 GMT ETag: "7b97da408ecd186da2775e85d3b5fc35" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF CF-Cache-Status: HIT Age: 9743757 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1befe460f88-EWR
2024-09-20 12:29:09 UTC	407	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 33 2e 38 31 38 22 20 68 65 69 67 68 74 3d 22 35 2e 38 38 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 2e 38 31 38 20 35 2e 38 38 33 22 3e 0d 0a 20 20 3c 67 20 69 64 3d 22 53 65 63 6f 6e 64 61 72 79 5f 54 65 78 74 5f 43 54 41 5f 42 6c 61 63 6b 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 53 65 63 6f 6e 64 61 72 79 20 54 65 78 74 20 43 54 41 20 42 6c 61 63 6b 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 20 35 2e 38 38 33 29 20 72 6f 74 61 74 65 28 2d 39 30 29 22 3e 0d 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 50 61 74 68 5f 34 34 36 39 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 50 61 74 68 20 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="3.818" height="5.883" viewBox="0 0 3.818 5.883"> <g id="Secondary_Text_CTA_Black" data-name="Secondary Text CTA Black" transform="translate(0 5.883) rotate(-90)"> <path id="Path_4469" data-name="Path

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	579	OUT	GET /6579dd0b5f9a54376d296915/js/huntress-new.28c3b280d.js HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	628	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:08 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close x-amz-id-2: 6GafYDgqz5cUfn5gsyR8/JUHWHRIKxhR51wVbPV9+enxTvm99DzDb5oGgv84uK3nPY62d+3cJNnXrHKAt2hbydbfdwf58oE7 x-amz-request-id: NXG2PZDT217122MW Last-Modified: Thu, 19 Sep 2024 14:19:04 GMT ETag: W/"03dde5cd826c786c1abb391fdb926c94" x-amz-server-side-encryption: AES256 Cache-Control: public, max-age=31536000, immutable x-amz-version-id: 9DOLSvB_pM7A0F7x4vfMgsKBotNktzWH CF-Cache-Status: HIT Age: 79784 Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1bf3d647ce2-EWR
2024-09-20 12:29:09 UTC	741	IN	Data Raw: 37 64 32 61 0d 0a 0a 2f 2a 21 0a 20 2a 20 57 65 62 66 6c 6f 77 3a 20 46 72 6f 6e 74 2d 65 6e 64 20 73 69 74 65 20 6c 69 62 72 61 72 79 0a 20 2a 20 40 6c 69 63 65 6e 73 65 20 4d 49 54 0a 20 2a 20 49 6e 6c 69 6e 65 20 73 63 72 69 70 74 73 20 6d 61 79 20 61 63 63 65 73 73 20 74 68 65 20 61 70 69 20 75 73 69 6e 67 20 61 6e 20 61 73 79 6e 63 20 68 61 6e 64 6c 65 72 3a 0a 20 2a 20 20 20 76 61 72 20 57 65 62 66 6c 6f 77 20 3d 20 57 65 62 66 6c 6f 77 20 7c 7c 20 5b 5d 3b 0a 20 2a 20 20 20 57 65 62 66 6c 6f 77 2e 70 75 73 68 28 72 65 61 64 79 46 75 6e 63 74 69 6f 6e 29 3b 0a 20 2a 2f 0a 0a 28 28 29 3d 3e 7b 76 61 72 20 67 50 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3b 76 61 72 20 4f 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 Data Ascii: 7d2a/! Webflow: Front-end site library * @license MIT * Inline scripts may access the api using an async handler: * var Webflow = Webflow \|\| []; * Webflow.push(readyFunction); */(()=>{var gP=Object.create;var Oi=Object.defineProperty;var
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 21 3d 6e 75 6c 6c 3f 67 50 28 62 50 28 65 29 29 3a 7b 7d 2c 68 68 28 74 7c 7c 21 65 7c 7c 21 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 4f 69 28 72 2c 22 64 65 66 61 75 6c 74 22 2c 7b 76 61 6c 75 65 3a 65 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 7d 29 3a 72 2c 65 29 29 2c 63 74 3d 65 3d 3e 68 68 28 4f 69 28 7b 7d 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 65 29 3b 76 61 72 20 6a 73 3d 62 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 77 69 6e 64 6f 77 2e 74 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 52 2c 57 29 7b 76 61 72 20 58 3d 6e 65 77 20 54 2e 42 61 72 65 3b 72 65 74 75 72 6e 20 58 2e 69 6e 69 74 28 52 2c 57 29 7d 66 75 6e 63 74 69 6f 6e 20 72 28 52 29 7b 72 65 74 75 72 Data Ascii: !=null?gP(bP(e)):{},hh(t\|\|!e\|\|!e.__esModule?Oi(r,"default",{value:e,enumerable:!0}):r,e)),ct=e=>hh(Oi({},"__esModule",{value:!0}),e);var js=b(()=>{"use strict";window.tram=function(e){function t(R,W){var X=new T.Bare;return X.init(R,W)}function r(R){retur
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 65 29 3f 68 65 3d 47 65 2e 63 61 6c 6c 28 69 65 2c 5f 74 2c 54 65 2c 69 65 2c 6f 65 29 3a 51 28 47 65 29 26 26 28 68 65 3d 47 65 29 2c 51 28 68 65 29 29 66 6f 72 28 76 61 72 20 49 6e 20 69 6e 20 68 65 29 57 2e 63 61 6c 6c 28 68 65 2c 49 6e 29 26 26 28 5f 74 5b 49 6e 5d 3d 68 65 5b 49 6e 5d 29 3b 72 65 74 75 72 6e 20 4b 28 5f 74 2e 69 6e 69 74 29 7c 7c 28 5f 74 2e 69 6e 69 74 3d 6f 65 29 2c 69 65 7d 2c 69 65 2e 6f 70 65 6e 28 64 65 29 7d 72 65 74 75 72 6e 20 61 65 7d 28 22 70 72 6f 74 6f 74 79 70 65 22 2c 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 29 2c 6d 3d 7b 65 61 73 65 3a 5b 22 65 61 73 65 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 76 61 72 20 4b 3d 28 52 2f 3d 51 29 2a 52 2c 5a 3d 4b 2a 52 3b 72 65 74 75 72 6e 20 57 2b 58 2a Data Ascii: e)?he=Ge.call(ie,_t,Te,ie,oe):Q(Ge)&&(he=Ge),Q(he))for(var In in he)W.call(he,In)&&(_t[In]=he[In]);return K(_t.init)\|\|(_t.init=oe),ie},ie.open(de)}return ae}("prototype",{}.hasOwnProperty),m={ease:["ease",function(R,W,X,Q){var K=(R/=Q)R,Z=KR;return W+X*
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 30 2e 30 33 30 2c 20 30 2e 36 38 35 2c 20 30 2e 32 32 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 72 65 74 75 72 6e 20 58 2a 28 52 2f 3d 51 29 2a 52 2a 52 2a 52 2b 57 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 71 75 61 72 74 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 31 36 35 2c 20 30 2e 38 34 30 2c 20 30 2e 34 34 30 2c 20 31 29 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 72 65 74 75 72 6e 2d 58 2a 28 28 52 3d 52 2f 51 2d 31 29 2a 52 2a 52 2a 52 2d 31 29 2b 57 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 71 75 61 72 74 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 37 37 30 2c 20 30 2c 20 30 2e 31 37 35 2c 20 31 29 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 72 65 74 75 72 6e 28 Data Ascii: 0.030, 0.685, 0.220)",function(R,W,X,Q){return X(R/=Q)RRR+W}],"ease-out-quart":["cubic-bezier(0.165, 0.840, 0.440, 1)",function(R,W,X,Q){return-X((R=R/Q-1)RRR-1)+W}],"ease-in-out-quart":["cubic-bezier(0.770, 0, 0.175, 1)",function(R,W,X,Q){return(
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 32 2a 28 2d 4d 61 74 68 2e 70 6f 77 28 32 2c 2d 31 30 2a 2d 2d 52 29 2b 32 29 2b 57 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 63 69 72 63 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 36 30 30 2c 20 30 2e 30 34 30 2c 20 30 2e 39 38 30 2c 20 30 2e 33 33 35 29 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 72 65 74 75 72 6e 2d 58 2a 28 4d 61 74 68 2e 73 71 72 74 28 31 2d 28 52 2f 3d 51 29 2a 52 29 2d 31 29 2b 57 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 63 69 72 63 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 30 37 35 2c 20 30 2e 38 32 30 2c 20 30 2e 31 36 35 2c 20 31 29 22 2c 66 75 6e 63 74 69 6f 6e 28 52 2c 57 2c 58 2c 51 29 7b 72 65 74 75 72 6e 20 58 2a 4d 61 74 68 2e 73 71 72 74 28 31 2d 28 52 3d 52 2f 51 2d 31 29 2a 52 29 2b Data Ascii: 2(-Math.pow(2,-10--R)+2)+W}],"ease-in-circ":["cubic-bezier(0.600, 0.040, 0.980, 0.335)",function(R,W,X,Q){return-X(Math.sqrt(1-(R/=Q)R)-1)+W}],"ease-out-circ":["cubic-bezier(0.075, 0.820, 0.165, 1)",function(R,W,X,Q){return XMath.sqrt(1-(R=R/Q-1)R)+
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 2c 22 2d 6f 2d 22 2c 22 2d 6d 73 2d 22 5d 2c 56 3d 66 75 6e 63 74 69 6f 6e 28 52 29 7b 69 66 28 52 20 69 6e 20 6b 2e 73 74 79 6c 65 29 72 65 74 75 72 6e 7b 64 6f 6d 3a 52 2c 63 73 73 3a 52 7d 3b 76 61 72 20 57 2c 58 2c 51 3d 22 22 2c 4b 3d 52 2e 73 70 6c 69 74 28 22 2d 22 29 3b 66 6f 72 28 57 3d 30 3b 57 3c 4b 2e 6c 65 6e 67 74 68 3b 57 2b 2b 29 51 2b 3d 4b 5b 57 5d 2e 63 68 61 72 41 74 28 30 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 2b 4b 5b 57 5d 2e 73 6c 69 63 65 28 31 29 3b 66 6f 72 28 57 3d 30 3b 57 3c 4f 2e 6c 65 6e 67 74 68 3b 57 2b 2b 29 69 66 28 58 3d 4f 5b 57 5d 2b 51 2c 58 20 69 6e 20 6b 2e 73 74 79 6c 65 29 72 65 74 75 72 6e 7b 64 6f 6d 3a 58 2c 63 73 73 3a 71 5b 57 5d 2b 52 7d 7d 2c 6a 3d 74 2e 73 75 70 70 6f 72 74 3d 7b 62 69 6e 64 3a 46 Data Ascii: ,"-o-","-ms-"],V=function(R){if(R in k.style)return{dom:R,css:R};var W,X,Q="",K=R.split("-");for(W=0;W<K.length;W++)Q+=K[W].charAt(0).toUpperCase()+K[W].slice(1);for(W=0;W<O.length;W++)if(X=O[W]+Q,X in k.style)return{dom:X,css:q[W]+R}},j=t.support={bind:F
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 64 28 74 68 69 73 2e 61 63 74 69 76 65 3d 21 30 29 3b 69 66 28 67 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 76 65 29 7b 73 77 69 74 63 68 28 6c 65 29 7b 63 61 73 65 22 68 69 64 65 22 3a 69 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 74 6f 70 22 3a 61 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 72 65 64 72 61 77 22 3a 63 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 57 2e 63 61 6c 6c 28 74 68 69 73 2c 6c 65 2c 77 65 26 26 77 65 5b 31 5d 29 7d 72 65 74 75 72 6e 20 5a 2e 63 61 6c 6c 28 74 68 69 73 29 7d 69 66 28 67 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 20 76 6f 69 64 20 6c 65 2e 63 61 6c 6c 28 74 68 69 73 2c 74 68 69 73 29 3b 69 66 28 67 65 3d 3d Data Ascii: d(this.active=!0);if(ge=="string"&&ve){switch(le){case"hide":ie.call(this);break;case"stop":ae.call(this);break;case"redraw":ce.call(this);break;default:W.call(this,le,we&&we[1])}return Z.call(this)}if(ge=="function")return void le.call(this,this);if(ge==
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 50 29 7d 66 75 6e 63 74 69 6f 6e 20 64 65 28 6c 65 29 7b 74 79 70 65 6f 66 20 6c 65 21 3d 22 73 74 72 69 6e 67 22 26 26 28 6c 65 3d 22 62 6c 6f 63 6b 22 29 2c 74 68 69 73 2e 65 6c 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 6c 65 7d 66 75 6e 63 74 69 6f 6e 20 69 65 28 29 7b 61 65 2e 63 61 6c 6c 28 74 68 69 73 29 2c 74 68 69 73 2e 65 6c 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 65 22 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 29 7b 74 68 69 73 2e 65 6c 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 66 75 6e 63 74 69 6f 6e 20 68 65 28 29 7b 61 65 2e 63 61 6c 6c 28 74 68 69 73 29 2c 65 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 65 6c 2c 68 29 2c 74 68 69 73 2e 24 65 6c 3d 74 68 69 73 2e 65 6c 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 54 65 Data Ascii: P)}function de(le){typeof le!="string"&&(le="block"),this.el.style.display=le}function ie(){ae.call(this),this.el.style.display="none"}function ce(){this.el.offsetHeight}function he(){ae.call(this),e.removeData(this.el,h),this.$el=this.el=null}function Te
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 66 61 63 65 26 26 42 28 74 68 69 73 2e 65 6c 2c 6a 2e 62 61 63 6b 66 61 63 65 2e 63 73 73 2c 22 68 69 64 64 65 6e 22 29 7d 2c 6c 74 28 22 61 64 64 22 2c 57 29 2c 6c 74 28 22 73 74 61 72 74 22 2c 58 29 2c 6c 74 28 22 77 61 69 74 22 2c 51 29 2c 6c 74 28 22 74 68 65 6e 22 2c 4b 29 2c 6c 74 28 22 6e 65 78 74 22 2c 5a 29 2c 6c 74 28 22 73 74 6f 70 22 2c 61 65 29 2c 6c 74 28 22 73 65 74 22 2c 6f 65 29 2c 6c 74 28 22 73 68 6f 77 22 2c 64 65 29 2c 6c 74 28 22 68 69 64 65 22 2c 69 65 29 2c 6c 74 28 22 72 65 64 72 61 77 22 2c 63 65 29 2c 6c 74 28 22 64 65 73 74 72 6f 79 22 2c 68 65 29 7d 29 2c 54 3d 63 28 77 2c 66 75 6e 63 74 69 6f 6e 28 52 29 7b 66 75 6e 63 74 69 6f 6e 20 57 28 58 2c 51 29 7b 76 61 72 20 4b 3d 65 2e 64 61 74 61 28 58 2c 68 29 7c 7c 65 2e 64 61 74 Data Ascii: face&&B(this.el,j.backface.css,"hidden")},lt("add",W),lt("start",X),lt("wait",Q),lt("then",K),lt("next",Z),lt("stop",ae),lt("set",oe),lt("show",de),lt("hide",ie),lt("redraw",ce),lt("destroy",he)}),T=c(w,function(R){function W(X,Q){var K=e.data(X,h)\|\|e.dat
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 67 3d 74 68 69 73 2e 6e 61 6d 65 2b 41 2b 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 2b 22 6d 73 22 2b 28 74 68 69 73 2e 65 61 73 65 21 3d 22 65 61 73 65 22 3f 41 2b 6d 5b 74 68 69 73 2e 65 61 73 65 5d 5b 30 5d 3a 22 22 29 2b 28 74 68 69 73 2e 64 65 6c 61 79 3f 41 2b 74 68 69 73 2e 64 65 6c 61 79 2b 22 6d 73 22 3a 22 22 29 29 7d 2c 52 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 5a 29 7b 5a 3d 74 68 69 73 2e 63 6f 6e 76 65 72 74 28 5a 2c 74 68 69 73 2e 74 79 70 65 29 2c 74 68 69 73 2e 75 70 64 61 74 65 28 5a 29 2c 74 68 69 73 2e 72 65 64 72 61 77 28 29 7d 2c 52 2e 74 72 61 6e 73 69 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 5a 29 7b 74 68 69 73 2e 61 63 74 69 76 65 3d 21 30 2c 5a 3d 74 68 69 73 2e 63 6f 6e 76 65 72 74 28 5a 2c 74 68 69 73 2e 74 79 70 65 29 2c 74 Data Ascii: g=this.name+A+this.duration+"ms"+(this.ease!="ease"?A+m[this.ease][0]:"")+(this.delay?A+this.delay+"ms":""))},R.set=function(Z){Z=this.convert(Z,this.type),this.update(Z),this.redraw()},R.transition=function(Z){this.active=!0,Z=this.convert(Z,this.type),t

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	552	OUT	GET /rich-text-enhancer/bundle.v1.0.0.js HTTP/1.1 Host: tools.refokus.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	504	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Age: 7767430 Cache-Control: public, max-age=0, must-revalidate Content-Disposition: inline; filename="bundle.v1.0.0.js" Content-Length: 1681 Content-Type: application/javascript; charset=utf-8 Date: Fri, 20 Sep 2024 12:29:08 GMT Etag: "bfd9ff53d0c1baa43dbb0f44751f23e9" Server: Vercel Strict-Transport-Security: max-age=63072000 X-Vercel-Cache: HIT X-Vercel-Id: iad1::srbj2-1726835348348-41972f47d3f8 Connection: close
2024-09-20 12:29:09 UTC	1681	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 74 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 65 78 70 6f 72 74 73 2e 57 65 62 66 6c 6f 77 54 6f 6f 6c 73 3d 74 28 29 3a 65 2e 57 65 62 66 6c 6f 77 54 6f 6f 6c 73 3d 74 28 29 7d 28 73 65 6c 66 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 Data Ascii: !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.WebflowTools=t():e.WebflowTools=t()}(self,(function(){return function(){"use strict";va

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Exploits

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 1000

Chrome Cache Entry: 1001

Chrome Cache Entry: 1002

Chrome Cache Entry: 1003

Chrome Cache Entry: 1004

Chrome Cache Entry: 1005

Chrome Cache Entry: 1006

Chrome Cache Entry: 375

Chrome Cache Entry: 376

Chrome Cache Entry: 377

Chrome Cache Entry: 378

Chrome Cache Entry: 379

Chrome Cache Entry: 380

Chrome Cache Entry: 381

Chrome Cache Entry: 382

Chrome Cache Entry: 383

Chrome Cache Entry: 384

Chrome Cache Entry: 385

Chrome Cache Entry: 386

Chrome Cache Entry: 387

Chrome Cache Entry: 388

Chrome Cache Entry: 389

Chrome Cache Entry: 390

Chrome Cache Entry: 391

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:08 UTC	527	OUT	GET /3911692.js HTTP/1.1 Host: js.hs-scripts.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	987	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:08 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 2932 Connection: close Cf-Bgj: minify Cf-Polished: origSize=3044 access-control-allow-credentials: true access-control-allow-origin: https://www.huntress.com access-control-max-age: 3600 vary: origin x-content-type-options: nosniff x-envoy-upstream-service-time: 9 x-evy-trace-listener: listener_https x-evy-trace-route-configuration: listener_https/all x-evy-trace-route-service-name: envoyset-translator x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-pccwh x-evy-trace-virtual-host: all x-hubspot-correlation-id: f49807b5-08a0-4e04-b56c-ba16bf3b1f5b x-request-id: f49807b5-08a0-4e04-b56c-ba16bf3b1f5b Last-Modified: Fri, 20 Sep 2024 12:27:35 GMT CF-Cache-Status: HIT Age: 38 Expires: Fri, 20 Sep 2024 12:30:38 GMT Cache-Control: public, max-age=90 Accept-Ranges: bytes Server: cloudflare CF-RAY: 8c61d1bf69af41c3-EWR
2024-09-20 12:29:09 UTC	382	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 69 66 28 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 74 29 29 7b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 66 6f 72 28 76 61 72 20 61 20 69 6e 20 6e 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6a 73 2e 68 75 62 73 70 6f 74 2e 63 6f 6d 2f 77 65 62 2d 69 6e 74 65 72 61 63 74 69 76 65 73 2d 65 6d 62 65 64 2e 6a 73 22 2c 6e 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 6e 2e 69 64 3d 74 2c 72 29 72 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 61 29 26 26 6e 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 61 2c 72 5b 61 5d 29 3b 76 61 72 20 69 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 Data Ascii: !function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in n.src="https://js.hubspot.com/web-interactives-embed.js",n.type="text/javascript",n.id=t,r)r.hasOwnProperty(a)&&n.setAttribute(a,r[a]);var i=document.getE
2024-09-20 12:29:09 UTC	1369	IN	Data Raw: 64 61 74 61 2d 6c 6f 61 64 65 72 22 3a 22 68 73 2d 73 63 72 69 70 74 6c 6f 61 64 65 72 22 2c 22 64 61 74 61 2d 68 73 6a 73 2d 70 6f 72 74 61 6c 22 3a 33 39 31 31 36 39 32 2c 22 64 61 74 61 2d 68 73 6a 73 2d 65 6e 76 22 3a 22 70 72 6f 64 22 2c 22 64 61 74 61 2d 68 73 6a 73 2d 68 75 62 6c 65 74 22 3a 22 6e 61 31 22 7d 29 3b 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 69 66 28 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 74 29 29 7b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 66 6f 72 28 76 61 72 20 61 20 69 6e 20 6e 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6a 73 2e 68 73 6c 65 61 64 66 6c 6f 77 73 2e 6e 65 74 2f 6c 65 61 64 66 6c 6f 77 73 2e 6a 73 Data Ascii: data-loader":"hs-scriptloader","data-hsjs-portal":3911692,"data-hsjs-env":"prod","data-hsjs-hublet":"na1"});!function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in n.src="https://js.hsleadflows.net/leadflows.js
2024-09-20 12:29:09 UTC	1181	IN	Data Raw: 37 32 36 38 33 35 31 30 30 30 30 30 2f 33 39 31 31 36 39 32 2e 6a 73 22 2c 63 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 63 2e 69 64 3d 65 3b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 6e 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 63 2c 6e 29 7d 7d 28 22 68 73 2d 61 6e 61 6c 79 74 69 63 73 22 29 3b 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 69 66 28 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 74 29 29 7b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 66 6f 72 28 76 61 72 20 61 20 69 6e Data Ascii: 726835100000/3911692.js",c.type="text/javascript",c.id=e;var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(c,n)}}("hs-analytics");!function(t,e,r){if(!document.getElementById(t)){var n=document.createElement("script");for(var a in

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:09 UTC	557	OUT	GET /gleeda/7d3165787015692aec4d2aad740ab8fe.js HTTP/1.1 Host: gist.github.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	543	IN	HTTP/1.1 200 OK Server: GitHub.com Date: Fri, 20 Sep 2024 12:29:09 GMT Content-Type: text/javascript; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With ETag: W/"4c00829bcd392faf52545ec1f9afd960" Cache-Control: max-age=0, private, must-revalidate Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
2024-09-20 12:29:09 UTC	3377	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co
2024-09-20 12:29:09 UTC	800	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 67 68 5f 73 65 73 73 3d 62 33 67 4c 51 6e 64 44 47 41 79 67 78 76 4d 43 45 46 68 70 4b 4c 46 63 50 66 76 50 69 66 54 25 32 42 73 63 77 6c 53 58 57 33 4e 47 36 6b 4d 5a 46 57 37 45 6b 64 6b 48 54 44 4b 65 69 4f 41 79 6f 65 49 35 25 32 46 43 72 25 32 46 57 71 43 6b 7a 54 42 46 44 50 63 4f 54 70 50 31 34 6e 4c 34 48 55 32 65 33 43 74 5a 35 68 46 71 48 79 38 32 52 64 70 38 54 25 32 42 57 77 5a 25 32 46 6d 6d 74 53 4d 53 61 63 39 61 30 64 35 4e 49 4d 64 5a 36 76 4d 68 56 34 6f 4f 58 36 77 4a 36 64 50 6d 6f 49 77 30 69 34 5a 67 4e 52 38 6b 36 50 59 74 67 35 47 4b 58 74 59 4d 64 42 59 64 39 66 71 39 25 32 46 66 47 75 54 7a 68 4d 41 7a 30 37 45 30 46 42 25 32 46 69 4d 4c 77 6d 6b 25 32 42 51 76 53 54 44 47 42 6a 4a 39 78 61 Data Ascii: Set-Cookie: _gh_sess=b3gLQndDGAygxvMCEFhpKLFcPfvPifT%2BscwlSXW3NG6kMZFW7EkdkHTDKeiOAyoeI5%2FCr%2FWqCkzTBFDPcOTpP14nL4HU2e3CtZ5hFqHy82Rdp8T%2BWwZ%2FmmtSMSac9a0d5NIMdZ6vMhV4oOX6wJ6dPmoIw0i4ZgNR8k6PYtg5GKXtYMdBYd9fq9%2FfGuTzhMAz07E0FB%2FiMLwmk%2BQvSTDGBjJ9xa
2024-09-20 12:29:09 UTC	2130	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 27 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 67 69 73 74 2d 65 6d 62 65 64 2d 33 38 61 65 64 64 66 38 64 31 35 61 2e 63 73 73 22 3e 27 29 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 27 3c 64 69 76 20 69 64 3d 5c 22 67 69 73 74 31 33 32 37 32 36 34 31 38 5c 22 20 63 6c 61 73 73 3d 5c 22 67 69 73 74 5c 22 3e 5c 6e 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 5c 22 67 69 73 74 2d 66 69 6c 65 5c 22 20 74 72 61 6e 73 6c 61 74 65 3d 5c 22 6e 6f 5c 22 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 5c 22 6c 69 67 68 74 5c 22 20 64 61 74 61 2d 6c 69 67 Data Ascii: document.write('<link rel="stylesheet" href="https://github.githubassets.com/assets/gist-embed-38aeddf8d15a.css">')document.write('<div id=\"gist132726418\" class=\"gist\">\n <div class=\"gist-file\" translate=\"no\" data-color-mode=\"light\" data-lig
2024-09-20 12:29:09 UTC	1370	IN	Data Raw: 5c 22 20 76 65 72 73 69 6f 6e 3d 5c 22 31 2e 31 5c 22 20 77 69 64 74 68 3d 5c 22 31 36 5c 22 20 64 61 74 61 2d 76 69 65 77 2d 63 6f 6d 70 6f 6e 65 6e 74 3d 5c 22 74 72 75 65 5c 22 20 63 6c 61 73 73 3d 5c 22 6f 63 74 69 63 6f 6e 20 6f 63 74 69 63 6f 6e 2d 61 6c 65 72 74 5c 22 3e 5c 6e 20 20 20 20 3c 70 61 74 68 20 64 3d 5c 22 4d 36 2e 34 35 37 20 31 2e 30 34 37 63 2e 36 35 39 2d 31 2e 32 33 34 20 32 2e 34 32 37 2d 31 2e 32 33 34 20 33 2e 30 38 36 20 30 6c 36 2e 30 38 32 20 31 31 2e 33 37 38 41 31 2e 37 35 20 31 2e 37 35 20 30 20 30 20 31 20 31 34 2e 30 38 32 20 31 35 48 31 2e 39 31 38 61 31 2e 37 35 20 31 2e 37 35 20 30 20 30 20 31 2d 31 2e 35 34 33 2d 32 2e 35 37 35 5a 6d 31 2e 37 36 33 2e 37 30 37 61 2e 32 35 2e 32 35 20 30 20 30 20 30 2d 2e 34 34 20 30 Data Ascii: \" version=\"1.1\" width=\"16\" data-view-component=\"true\" class=\"octicon octicon-alert\">\n <path d=\"M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0
2024-09-20 12:29:09 UTC	1370	IN	Data Raw: 63 6b 65 72 2d 63 6f 6d 6d 61 6e 64 73 2d 4c 43 32 5c 22 20 63 6c 61 73 73 3d 5c 22 62 6c 6f 62 2d 63 6f 64 65 20 62 6c 6f 62 2d 63 6f 64 65 2d 69 6e 6e 65 72 20 6a 73 2d 66 69 6c 65 2d 6c 69 6e 65 5c 22 3e 26 71 75 6f 74 3b 43 3a 5c 5c 57 69 6e 64 6f 77 73 5c 5c 73 79 73 74 65 6d 33 32 5c 5c 63 6d 64 2e 65 78 65 26 71 75 6f 74 3b 20 2f 63 20 77 6d 69 63 20 75 73 65 72 61 63 63 6f 75 6e 74 20 77 68 65 72 65 20 28 64 6f 6d 61 69 6e 3d 26 71 75 6f 74 3b 25 43 4f 4d 50 55 54 45 52 4e 41 4d 45 25 26 71 75 6f 74 3b 29 20 67 65 74 20 6e 61 6d 65 3c 5c 2f 74 64 3e 5c 6e 20 20 20 20 20 20 20 20 3c 5c 2f 74 72 3e 5c 6e 20 20 20 20 20 20 20 20 3c 74 72 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 69 64 3d 5c 22 66 69 6c 65 2d 66 6f 75 6e 64 61 74 69 6f 6e 2d Data Ascii: cker-commands-LC2\" class=\"blob-code blob-code-inner js-file-line\">"C:\\Windows\\system32\\cmd.exe" /c wmic useraccount where (domain="%COMPUTERNAME%") get name<\/td>\n <\/tr>\n <tr>\n <td id=\"file-foundation-
2024-09-20 12:29:09 UTC	1370	IN	Data Raw: 68 79 73 69 63 61 6c 4d 65 6d 6f 72 79 3c 5c 2f 74 64 3e 5c 6e 20 20 20 20 20 20 20 20 3c 5c 2f 74 72 3e 5c 6e 20 20 20 20 20 20 20 20 3c 74 72 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 69 64 3d 5c 22 66 69 6c 65 2d 66 6f 75 6e 64 61 74 69 6f 6e 2d 73 6f 66 74 77 61 72 65 2d 61 74 74 61 63 6b 65 72 2d 63 6f 6d 6d 61 6e 64 73 2d 4c 36 5c 22 20 63 6c 61 73 73 3d 5c 22 62 6c 6f 62 2d 6e 75 6d 20 6a 73 2d 6c 69 6e 65 2d 6e 75 6d 62 65 72 20 6a 73 2d 63 6f 64 65 2d 6e 61 76 2d 6c 69 6e 65 2d 6e 75 6d 62 65 72 20 6a 73 2d 62 6c 6f 62 2d 72 6e 75 6d 5c 22 20 64 61 74 61 2d 6c 69 6e 65 2d 6e 75 6d 62 65 72 3d 5c 22 36 5c 22 3e 3c 5c 2f 74 64 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 69 64 3d 5c 22 66 69 6c 65 2d 66 6f 75 6e 64 61 74 69 6f 6e 2d Data Ascii: hysicalMemory<\/td>\n <\/tr>\n <tr>\n <td id=\"file-foundation-software-attacker-commands-L6\" class=\"blob-num js-line-number js-code-nav-line-number js-blob-rnum\" data-line-number=\"6\"><\/td>\n <td id=\"file-foundation-
2024-09-20 12:29:09 UTC	576	IN	Data Raw: 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6c 65 65 64 61 2f 37 64 33 31 36 35 37 38 37 30 31 35 36 39 32 61 65 63 34 64 32 61 61 64 37 34 30 61 62 38 66 65 2f 72 61 77 2f 65 65 32 31 35 35 64 39 37 63 32 65 33 38 61 30 30 61 66 32 35 65 65 39 61 31 36 63 66 33 34 66 64 36 63 65 35 65 65 38 2f 46 6f 75 6e 64 61 74 69 6f 6e 25 32 30 53 6f 66 74 77 61 72 65 25 32 30 41 74 74 61 63 6b 65 72 25 32 30 43 6f 6d 6d 61 6e 64 73 5c 22 20 73 74 79 6c 65 3d 5c 22 66 6c 6f 61 74 3a 72 69 67 68 74 5c 22 20 63 6c 61 73 73 3d 5c 22 4c 69 6e 6b 2d 2d 69 6e 54 65 78 74 42 6c 6f 63 6b 5c 22 3e 76 69 65 77 20 72 61 77 3c 5c 2f 61 3e 5c 6e 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 5c 22 68 74 74 70 73 3a 2f 2f 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 67 6c Data Ascii: ist.github.com/gleeda/7d3165787015692aec4d2aad740ab8fe/raw/ee2155d97c2e38a00af25ee9a16cf34fd6ce5ee8/Foundation%20Software%20Attacker%20Commands\" style=\"float:right\" class=\"Link--inTextBlock\">view raw<\/a>\n <a href=\"https://gist.github.com/gl

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:09 UTC	623	OUT	GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.huntress.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:09 UTC	574	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 89476 Connection: close Last-Modified: Mon, 20 Jul 2020 17:53:02 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 19 Sep 2024 22:17:50 GMT Cache-Control: max-age=84600, must-revalidate Etag: "dc5e7f18c8d36ac1d3d4753a87c98d0a" Vary: Accept-Encoding Via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront) Age: 51082 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P4 X-Amz-Cf-Id: 64t7jcE98SeKlHq5UJBfwEo1jHKitwr-3pqEkseh9MR3wv2D-w6yqA==
2024-09-20 12:29:09 UTC	15810	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 Data Ascii: /! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery
2024-09-20 12:29:09 UTC	16384	IN	Data Raw: 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 3d 79 21 3d 3d 6d 3f 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 3a 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 2c 63 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e Data Ascii: ction(e){return!!e.parentNode}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return
2024-09-20 12:29:09 UTC	16384	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 64 6f 53 63 72 6f 6c 6c 3f 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 53 2e 72 65 61 64 79 29 3a 28 45 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 42 29 2c 43 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 42 29 29 3b 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 29 7b 76 61 72 20 73 3d 30 2c 75 3d 65 2e 6c 65 6e 67 74 68 2c 6c 3d 6e 75 6c 6c 3d 3d 6e 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 24 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 Data Ascii: documentElement.doScroll?C.setTimeout(S.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(
2024-09-20 12:29:09 UTC	16384	IN	Data Raw: 6f 6e 63 65 3a 75 2e 6e 6f 6e 63 65 7c 7c 75 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 29 7d 2c 6c 29 3a 62 28 75 2e 74 65 78 74 43 6f 6e 74 65 6e 74 2e 72 65 70 6c 61 63 65 28 6a 65 2c 22 22 29 2c 75 2c 6c 29 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 74 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 2c 69 3d 74 3f 53 2e 66 69 6c 74 65 72 28 74 2c 65 29 3a 65 2c 6f 3d 30 3b 6e 75 6c 6c 21 3d 28 72 3d 69 5b 6f 5d 29 3b 6f 2b 2b 29 6e 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 63 6c 65 61 6e 44 61 74 61 28 76 65 28 72 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 6e 26 26 69 65 28 72 29 26 26 79 65 28 76 65 28 72 2c 22 73 63 72 69 70 74 22 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e Data Ascii: once:u.nonce\|\|u.getAttribute("nonce")},l):b(u.textContent.replace(je,""),u,l))}return n}function Re(e,t,n){for(var r,i=t?S.filter(t,e):e,o=0;null!=(r=i[o]);o++)n\|\|1!==r.nodeType\|\|S.cleanData(ve(r)),r.parentNode&&(n&&ie(r)&&ye(ve(r,"script")),r.parentNode.
2024-09-20 12:29:09 UTC	16384	IN	Data Raw: 29 7b 72 65 74 75 72 6e 20 72 3d 53 2e 66 78 26 26 53 2e 66 78 2e 73 70 65 65 64 73 5b 72 5d 7c 7c 72 2c 65 3d 65 7c 7c 22 66 78 22 2c 74 68 69 73 2e 71 75 65 75 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 72 29 3b 74 2e 73 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 43 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 29 7d 7d 29 7d 2c 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 79 2e 63 68 Data Ascii: ){return r=S.fx&&S.fx.speeds[r]\|\|r,e=e\|\|"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",y.ch
2024-09-20 12:29:09 UTC	8130	IN	Data Raw: 7b 53 28 74 68 69 73 29 2e 72 65 70 6c 61 63 65 57 69 74 68 28 74 68 69 73 2e 63 68 69 6c 64 4e 6f 64 65 73 29 7d 29 2c 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 Data Ascii: {S(this).replaceWith(this.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth\|\|e.offsetHeight\|\|e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{re

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:09 UTC	440	OUT	GET /655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:10 UTC	649	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:09 GMT Content-Type: image/svg+xml Content-Length: 407 Connection: close x-amz-id-2: iNGut8bC/ryAFxlgEGt3yoo5ijja+4Jl6ix5fm6TBtea9dOyTIKNnMhz2rL0wq1mDAjErOlaVGU= x-amz-request-id: FVC7HZ8HVBFX4HXK Last-Modified: Fri, 24 Nov 2023 10:23:48 GMT ETag: "7b97da408ecd186da2775e85d3b5fc35" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF CF-Cache-Status: HIT Age: 9743758 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1c95c628ce0-EWR alt-svc: h3=":443"; ma=86400
2024-09-20 12:29:10 UTC	407	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 33 2e 38 31 38 22 20 68 65 69 67 68 74 3d 22 35 2e 38 38 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 2e 38 31 38 20 35 2e 38 38 33 22 3e 0d 0a 20 20 3c 67 20 69 64 3d 22 53 65 63 6f 6e 64 61 72 79 5f 54 65 78 74 5f 43 54 41 5f 42 6c 61 63 6b 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 53 65 63 6f 6e 64 61 72 79 20 54 65 78 74 20 43 54 41 20 42 6c 61 63 6b 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 20 35 2e 38 38 33 29 20 72 6f 74 61 74 65 28 2d 39 30 29 22 3e 0d 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 50 61 74 68 5f 34 34 36 39 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 50 61 74 68 20 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="3.818" height="5.883" viewBox="0 0 3.818 5.883"> <g id="Secondary_Text_CTA_Black" data-name="Secondary Text CTA Black" transform="translate(0 5.883) rotate(-90)"> <path id="Path_4469" data-name="Path

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:10 UTC	552	OUT	GET /us1/v5/datadog-rum.js HTTP/1.1 Host: www.datadoghq-browser-agent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:10 UTC	590	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 165755 Connection: close Last-Modified: Wed, 18 Sep 2024 17:10:42 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Fri, 20 Sep 2024 12:29:11 GMT Cache-Control: max-age=14400, s-maxage=60 ETag: "d94ed3395587080509add3c99878f7f2" Vary: Accept-Encoding X-Cache: RefreshHit from cloudfront Via: 1.1 f741e5a55bc5bd136ac1f5406bb11d88.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P10 X-Amz-Cf-Id: ETJ7_yotFe_UCbaS9jZGekIgwCj8MNclK9oZm98jTp0LH7CH5EtLRA== Timing-Allow-Origin: *
2024-09-20 12:29:10 UTC	15794	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 7b 6c 6f 67 3a 22 6c 6f 67 22 2c 64 65 62 75 67 3a 22 64 65 62 75 67 22 2c 69 6e 66 6f 3a 22 69 6e 66 6f 22 2c 77 61 72 6e 3a 22 77 61 72 6e 22 2c 65 72 72 6f 72 3a 22 65 72 72 6f 72 22 7d 2c 65 3d 63 6f 6e 73 6f 6c 65 2c 6e 3d 7b 7d 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 5b 74 5d 3d 65 5b 74 5d 7d 29 29 3b 76 61 72 20 72 3d 22 44 61 74 61 64 6f 67 20 42 72 6f 77 73 65 72 20 53 44 4b 3a 22 2c 69 3d 7b 64 65 62 75 67 3a 6e 2e 64 65 62 75 67 2e 62 69 6e 64 28 65 2c 72 29 2c 6c 6f 67 3a 6e 2e 6c 6f 67 2e 62 69 6e 64 28 65 2c 72 29 2c 69 6e 66 6f 3a 6e 2e 69 6e 66 6f 2e 62 69 6e 64 28 65 2c 72 Data Ascii: !function(){"use strict";var t={log:"log",debug:"debug",info:"info",warn:"warn",error:"error"},e=console,n={};Object.keys(t).forEach((function(t){n[t]=e[t]}));var r="Datadog Browser SDK:",i={debug:n.debug.bind(e,r),log:n.log.bind(e,r),info:n.info.bind(e,r
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 6e 2c 63 6f 6e 6e 65 63 74 69 76 69 74 79 3a 75 65 28 29 7d 29 2c 65 78 70 65 72 69 6d 65 6e 74 61 6c 5f 66 65 61 74 75 72 65 73 3a 67 28 44 74 28 29 29 7d 2c 76 6f 69 64 20 30 21 3d 3d 72 3f 72 28 29 3a 7b 7d 29 7d 28 74 2c 6e 2c 75 29 3b 69 2e 6e 6f 74 69 66 79 28 63 29 2c 73 65 28 22 74 65 6c 65 6d 65 74 72 79 22 2c 63 29 2c 6f 2e 61 64 64 28 61 29 7d 7d 2c 63 3d 79 65 2c 7b 73 65 74 43 6f 6e 74 65 78 74 50 72 6f 76 69 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 3d 74 7d 2c 6f 62 73 65 72 76 61 62 6c 65 3a 69 2c 65 6e 61 62 6c 65 64 3a 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 5f 65 28 65 2c 6e 29 7b 68 28 74 2e 64 65 62 75 67 2c 65 2c 6e 29 2c 6d 65 28 53 28 7b 74 79 70 65 3a 66 65 2e 6c 6f 67 2c 6d 65 73 73 61 67 65 3a 65 2c 73 74 61 74 75 73 3a 22 Data Ascii: n,connectivity:ue()}),experimental_features:g(Dt())},void 0!==r?r():{})}(t,n,u);i.notify(c),se("telemetry",c),o.add(a)}},c=ye,{setContextProvider:function(t){r=t},observable:i,enabled:a}}function _e(e,n){h(t.debug,e,n),me(S({type:fe.log,message:e,status:"
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 64 7c 7c 74 2e 74 72 61 63 65 43 6f 6e 74 65 78 74 49 6e 6a 65 63 74 69 6f 6e 3d 3d 3d 42 6e 2e 41 4c 4c 29 65 2e 74 72 61 63 65 49 64 3d 59 6e 28 29 2c 65 2e 73 70 61 6e 49 64 3d 59 6e 28 29 2c 72 28 28 69 3d 65 2e 74 72 61 63 65 49 64 2c 6f 3d 65 2e 73 70 61 6e 49 64 2c 61 3d 65 2e 74 72 61 63 65 53 61 6d 70 6c 65 64 2c 73 3d 63 2e 70 72 6f 70 61 67 61 74 6f 72 54 79 70 65 73 2c 75 3d 7b 7d 2c 73 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 64 61 74 61 64 6f 67 22 3a 53 28 75 2c 7b 22 78 2d 64 61 74 61 64 6f 67 2d 6f 72 69 67 69 6e 22 3a 22 72 75 6d 22 2c 22 78 2d 64 61 74 61 64 6f 67 2d 70 61 72 65 6e 74 2d 69 64 22 3a 6f 2e 74 6f 44 65 63 69 6d 61 6c 53 74 72 69 6e 67 28 29 2c 22 78 2d Data Ascii: d\|\|t.traceContextInjection===Bn.ALL)e.traceId=Yn(),e.spanId=Yn(),r((i=e.traceId,o=e.spanId,a=e.traceSampled,s=c.propagatorTypes,u={},s.forEach((function(t){switch(t){case"datadog":S(u,{"x-datadog-origin":"rum","x-datadog-parent-id":o.toDecimalString(),"x-
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 64 65 78 4f 66 28 64 2e 74 79 70 65 29 26 26 6b 3f 7b 69 64 3a 6b 7d 3a 76 6f 69 64 20 30 29 2c 73 79 6e 74 68 65 74 69 63 73 3a 76 2c 63 69 5f 74 65 73 74 3a 75 2e 67 65 74 28 29 2c 64 69 73 70 6c 61 79 3a 73 2e 67 65 74 28 29 2c 63 6f 6e 6e 65 63 74 69 76 69 74 79 3a 75 65 28 29 7d 2c 68 29 3b 78 2e 63 6f 6e 74 65 78 74 3d 57 28 53 2e 63 6f 6e 74 65 78 74 2c 79 2e 63 6f 6e 74 65 78 74 2c 5f 29 2c 22 68 61 73 5f 72 65 70 6c 61 79 22 69 6e 20 78 2e 73 65 73 73 69 6f 6e 7c 7c 28 78 2e 73 65 73 73 69 6f 6e 2e 68 61 73 5f 72 65 70 6c 61 79 3d 53 2e 68 61 73 52 65 70 6c 61 79 29 2c 22 76 69 65 77 22 3d 3d 3d 78 2e 74 79 70 65 26 26 28 78 2e 73 65 73 73 69 6f 6e 2e 73 61 6d 70 6c 65 64 5f 66 6f 72 5f 72 65 70 6c 61 79 3d 31 3d 3d 3d 77 2e 73 65 73 73 69 6f 6e Data Ascii: dexOf(d.type)&&k?{id:k}:void 0),synthetics:v,ci_test:u.get(),display:s.get(),connectivity:ue()},h);x.context=W(S.context,y.context,_),"has_replay"in x.session\|\|(x.session.has_replay=S.hasReplay),"view"===x.type&&(x.session.sampled_for_replay=1===w.session
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 73 65 6c 65 63 74 69 6f 6e 7d 29 29 3b 72 65 74 75 72 6e 20 74 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 68 61 73 45 72 72 6f 72 26 26 74 2e 61 64 64 46 72 75 73 74 72 61 74 69 6f 6e 28 22 65 72 72 6f 72 5f 63 6c 69 63 6b 22 29 2c 66 6f 28 74 29 26 26 21 6e 26 26 74 2e 61 64 64 46 72 75 73 74 72 61 74 69 6f 6e 28 22 64 65 61 64 5f 63 6c 69 63 6b 22 29 7d 29 29 2c 7b 69 73 52 61 67 65 3a 21 31 7d 7d 76 61 72 20 6c 6f 3d 27 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 72 Data Ascii: selection}));return t.forEach((function(t){t.hasError&&t.addFrustration("error_click"),fo(t)&&!n&&t.addFrustration("dead_click")})),{isRage:!1}}var lo='input:not([type="checkbox"]):not([type="radio"]):not([type="button"]):not([type="submit"]):not([type="r
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 2c 69 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 3a 72 28 29 7d 7d 7d 7d 28 6e 29 2c 73 3d 61 2e 67 65 74 56 69 65 77 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 2c 75 3d 61 2e 73 74 6f 70 56 69 65 77 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 2c 63 3d 31 2f 30 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 29 7b 65 2e 73 6f 72 74 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 65 2e 64 75 72 61 74 69 6f 6e 2d 74 2e 64 75 72 61 74 69 6f 6e 7d 29 29 2e 73 70 6c 69 63 65 28 72 61 29 7d 72 65 74 75 72 6e 7b 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 3d 65 2e 66 69 6e 64 49 6e 64 65 78 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 Data Ascii: ,interactionCount:r()}}}}(n),s=a.getViewInteractionCount,u=a.stopViewInteractionCount,c=1/0,l=function(t){var e=[];function n(){e.sort((function(t,e){return e.duration-t.duration})).splice(ra)}return{process:function(t){var r=e.findIndex((function(e){retu
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 65 73 4c 69 6d 69 74 2c 69 3d 74 2e 64 75 72 61 74 69 6f 6e 4c 69 6d 69 74 2c 6f 3d 74 2e 70 61 67 65 45 78 69 74 4f 62 73 65 72 76 61 62 6c 65 2c 61 3d 74 2e 73 65 73 73 69 6f 6e 45 78 70 69 72 65 4f 62 73 65 72 76 61 62 6c 65 2c 73 3d 6f 2e 73 75 62 73 63 72 69 62 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 28 74 2e 72 65 61 73 6f 6e 29 7d 29 29 2c 75 3d 61 2e 73 75 62 73 63 72 69 62 65 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 28 22 73 65 73 73 69 6f 6e 5f 65 78 70 69 72 65 22 29 7d 29 29 2c 63 3d 6e 65 77 20 65 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 75 6e 73 75 62 73 63 72 69 62 65 28 29 2c 75 2e 75 6e 73 75 62 73 63 72 69 62 65 28 29 7d 7d 29 Data Ascii: esLimit,i=t.durationLimit,o=t.pageExitObservable,a=t.sessionExpireObservable,s=o.subscribe((function(t){return f(t.reason)})),u=a.subscribe((function(){return f("session_expire")})),c=new et((function(){return function(){s.unsubscribe(),u.unsubscribe()}})
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 4c 49 6e 70 75 74 45 6c 65 6d 65 6e 74 7c 7c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 54 65 78 74 41 72 65 61 45 6c 65 6d 65 6e 74 7c 7c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 53 65 6c 65 63 74 45 6c 65 6d 65 6e 74 29 26 26 63 28 65 29 7d 29 2c 7b 63 61 70 74 75 72 65 3a 21 30 2c 70 61 73 73 69 76 65 3a 21 30 7d 29 2e 73 74 6f 70 3b 69 66 28 61 29 72 3d 4c 3b 65 6c 73 65 7b 76 61 72 20 75 3d 5b 44 65 28 48 54 4d 4c 49 6e 70 75 74 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2c 22 76 61 6c 75 65 22 2c 63 29 2c 44 65 28 48 54 4d 4c 49 6e 70 75 74 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2c 22 63 68 65 63 6b 65 64 22 2c 63 29 2c 44 65 28 48 54 4d 4c 53 65 6c 65 63 74 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2c Data Ascii: LInputElement\|\|e instanceof HTMLTextAreaElement\|\|e instanceof HTMLSelectElement)&&c(e)}),{capture:!0,passive:!0}).stop;if(a)r=L;else{var u=[De(HTMLInputElement.prototype,"value",c),De(HTMLInputElement.prototype,"checked",c),De(HTMLSelectElement.prototype,
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 6f 72 28 65 3d 30 3b 65 3c 3d 69 3b 65 2b 2b 29 79 5b 65 5d 3d 30 3b 66 6f 72 28 74 3d 30 3b 74 3c 3d 31 34 33 3b 29 6f 5b 32 2a 74 2b 31 5d 3d 38 2c 74 2b 2b 2c 79 5b 38 5d 2b 2b 3b 66 6f 72 28 3b 74 3c 3d 32 35 35 3b 29 6f 5b 32 2a 74 2b 31 5d 3d 39 2c 74 2b 2b 2c 79 5b 39 5d 2b 2b 3b 66 6f 72 28 3b 74 3c 3d 32 37 39 3b 29 6f 5b 32 2a 74 2b 31 5d 3d 37 2c 74 2b 2b 2c 79 5b 37 5d 2b 2b 3b 66 6f 72 28 3b 74 3c 3d 32 38 37 3b 29 6f 5b 32 2a 74 2b 31 5d 3d 38 2c 74 2b 2b 2c 79 5b 38 5d 2b 2b 3b 66 6f 72 28 45 28 6f 2c 32 38 37 2c 79 29 2c 74 3d 30 3b 74 3c 72 3b 74 2b 2b 29 64 5b 32 2a 74 2b 31 5d 3d 35 2c 64 5b 32 2a 74 5d 3d 41 28 74 2c 35 29 3b 70 3d 6e 65 77 20 62 28 6f 2c 73 2c 32 35 37 2c 6e 2c 69 29 2c 67 3d 6e 65 77 20 62 28 64 2c 5f 2c 30 2c 72 2c Data Ascii: or(e=0;e<=i;e++)y[e]=0;for(t=0;t<=143;)o[2t+1]=8,t++,y[8]++;for(;t<=255;)o[2t+1]=9,t++,y[9]++;for(;t<=279;)o[2t+1]=7,t++,y[7]++;for(;t<=287;)o[2t+1]=8,t++,y[8]++;for(E(o,287,y),t=0;t<r;t++)d[2t+1]=5,d[2t]=A(t,5);p=new b(o,s,257,n,i),g=new b(d,_,0,r,
2024-09-20 12:29:11 UTC	16384	IN	Data Raw: 3d 44 74 5b 32 35 34 5d 3d 31 3b 76 61 72 20 43 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 6e 70 75 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 6e 65 78 74 5f 69 6e 3d 30 2c 74 68 69 73 2e 61 76 61 69 6c 5f 69 6e 3d 30 2c 74 68 69 73 2e 74 6f 74 61 6c 5f 69 6e 3d 30 2c 74 68 69 73 2e 6f 75 74 70 75 74 3d 6e 75 6c 6c 2c 74 68 69 73 2e 6e 65 78 74 5f 6f 75 74 3d 30 2c 74 68 69 73 2e 61 76 61 69 6c 5f 6f 75 74 3d 30 2c 74 68 69 73 2e 74 6f 74 61 6c 5f 6f 75 74 3d 30 2c 74 68 69 73 2e 6d 73 67 3d 22 22 2c 74 68 69 73 2e 73 74 61 74 65 3d 6e 75 6c 6c 2c 74 68 69 73 2e 64 61 74 61 5f 74 79 70 65 3d 32 2c 74 68 69 73 2e 61 64 6c 65 72 3d 30 7d 2c 48 74 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2c 4d 74 3d 4b 2e 5a 5f 4e Data Ascii: =Dt[254]=1;var Ct=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0},Ht=Object.prototype.toString,Mt=K.Z_N

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:10 UTC	550	OUT	GET /include/1726835400000/5d3cypit2iz8.js HTTP/1.1 Host: js.driftt.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:10 UTC	1237	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 216826 Connection: close Server: istio-envoy Date: Fri, 20 Sep 2024 12:29:10 GMT Last-Modified: Mon, 21 Aug 2023 14:57:31 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi Accept-Ranges: bytes access-control-allow-credentials: true,true access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security: max-age=31536000; includeSubDomains x-envoy-upstream-service-time: 39 ETag: "576cdc1c0941a520c47b54aef3b463f7" Via: 1.1 ccbaf468b9286180aaf02d6bf95cd27e.cloudfront.net (CloudFront), 1.1 0e49b385c2bbe9db0820bc1551bde98a.cloudfront.net (CloudFront) x-amz-cf-pop: IAD55-P7 Cache-Control: max-age=10 access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS strict-transport-security: max-age=31536000; includeSubDomains Vary: Accept-Encoding X-Cache: Miss from cloudfront X-Amz-Cf-Pop: FRA60-P8 X-Amz-Cf-Id: Qh8zQYBR3Qzvdi6lI6QApJ5GNSfKmrkVB3DdZlY-N3mC1DiPYf9JMQ==
2024-09-20 12:29:10 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 77 65 62 70 61 63 6b 4a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 28 74 29 7b 66 6f 72 28 76 61 72 20 72 2c 6f 2c 69 3d 74 5b 30 5d 2c 73 3d 74 5b 31 5d 2c 63 3d 30 2c 75 3d 5b 5d 3b 63 3c 69 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 6f 3d 69 5b 63 5d 2c 6e 5b 6f 5d 26 26 75 2e 70 75 73 68 28 6e 5b 6f 5d 5b 30 5d 29 2c 6e 5b 6f 5d 3d 30 3b 66 6f 72 28 72 20 69 6e 20 73 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 73 2c 72 29 26 26 28 65 5b 72 5d 3d 73 5b 72 5d 29 3b 66 6f 72 28 61 26 26 61 28 74 29 3b 75 2e 6c 65 6e 67 74 68 3b 29 75 2e 73 68 69 66 74 28 29 28 29 7d 76 61 72 20 74 3d 7b 7d 2c 6e 3d 7b 30 3a 30 7d 3b 66 75 6e 63 74 69 Data Ascii: !function(e){function webpackJsonpCallback(t){for(var r,o,i=t[0],s=t[1],c=0,u=[];c<i.length;c++)o=i[c],n[o]&&u.push(n[o][0]),n[o]=0;for(r in s)Object.prototype.hasOwnProperty.call(s,r)&&(e[r]=s[r]);for(a&&a(t);u.length;)u.shift()()}var t={},n={0:0};functi
2024-09-20 12:29:10 UTC	7529	IN	Data Raw: 6f 2e 74 72 79 4c 6f 63 3c 3d 74 68 69 73 2e 70 72 65 76 26 26 72 2e 63 61 6c 6c 28 6f 2c 22 66 69 6e 61 6c 6c 79 4c 6f 63 22 29 26 26 74 68 69 73 2e 70 72 65 76 3c 6f 2e 66 69 6e 61 6c 6c 79 4c 6f 63 29 7b 76 61 72 20 69 3d 6f 3b 62 72 65 61 6b 7d 7d 69 26 26 28 22 62 72 65 61 6b 22 3d 3d 3d 65 7c 7c 22 63 6f 6e 74 69 6e 75 65 22 3d 3d 3d 65 29 26 26 69 2e 74 72 79 4c 6f 63 3c 3d 74 26 26 74 3c 3d 69 2e 66 69 6e 61 6c 6c 79 4c 6f 63 26 26 28 69 3d 6e 75 6c 6c 29 3b 76 61 72 20 61 3d 69 3f 69 2e 63 6f 6d 70 6c 65 74 69 6f 6e 3a 7b 7d 3b 72 65 74 75 72 6e 20 61 2e 74 79 70 65 3d 65 2c 61 2e 61 72 67 3d 74 2c 69 3f 28 74 68 69 73 2e 6d 65 74 68 6f 64 3d 22 6e 65 78 74 22 2c 74 68 69 73 2e 6e 65 78 74 3d 69 2e 66 69 6e 61 6c 6c 79 4c 6f 63 2c 64 29 3a 74 68 Data Ascii: o.tryLoc<=this.prev&&r.call(o,"finallyLoc")&&this.prev<o.finallyLoc){var i=o;break}}i&&("break"===e\|\|"continue"===e)&&i.tryLoc<=t&&t<=i.finallyLoc&&(i=null);var a=i?i.completion:{};return a.type=e,a.arg=t,i?(this.method="next",this.next=i.finallyLoc,d):th
2024-09-20 12:29:10 UTC	12792	IN	Data Raw: 53 61 6d 65 44 6f 6d 61 69 6e 28 65 29 29 72 65 74 75 72 6e 20 61 73 73 65 72 74 53 61 6d 65 44 6f 6d 61 69 6e 28 65 29 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 3b 66 6f 72 28 76 61 72 20 74 3d 30 2c 6e 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 69 66 72 61 6d 65 22 29 3b 74 3c 6e 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 72 20 72 3d 6e 5b 74 5d 3b 69 66 28 72 26 26 72 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 26 26 72 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 3d 3d 3d 65 29 72 65 74 75 72 6e 20 72 7d 7d 66 75 6e 63 74 69 6f 6e 20 63 6c 6f 73 65 57 69 6e 64 6f 77 28 65 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 77 69 6e 64 6f 77 29 2c 42 6f Data Ascii: SameDomain(e))return assertSameDomain(e).frameElement;for(var t=0,n=document.querySelectorAll("iframe");t<n.length;t++){var r=n[t];if(r&&r.contentWindow&&r.contentWindow===e)return r}}function closeWindow(e){if(function(e){return void 0===e&&(e=window),Bo
2024-09-20 12:29:10 UTC	4616	IN	Data Raw: 22 43 61 6e 20 6e 6f 74 20 64 65 74 65 72 6d 69 6e 65 20 63 75 72 72 65 6e 74 20 73 63 72 69 70 74 22 29 7d 29 2c 77 3d 75 6e 69 71 75 65 49 44 28 29 3b 66 75 6e 63 74 69 6f 6e 20 67 6c 6f 62 61 6c 5f 67 65 74 47 6c 6f 62 61 6c 28 65 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 77 69 6e 64 6f 77 29 3b 76 61 72 20 74 3d 22 5f 5f 70 6f 73 74 5f 72 6f 62 6f 74 5f 31 30 5f 30 5f 34 36 5f 5f 22 3b 72 65 74 75 72 6e 20 65 21 3d 3d 77 69 6e 64 6f 77 3f 65 5b 74 5d 3a 65 5b 74 5d 3d 65 5b 74 5d 7c 7c 7b 7d 7d 6d 65 6d 6f 69 7a 65 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 74 72 79 7b 65 3d 76 28 29 7d 63 61 74 63 68 28 72 29 7b 72 65 74 75 72 6e 20 77 7d 76 61 72 20 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 75 69 64 22 Data Ascii: "Can not determine current script")}),w=uniqueID();function global_getGlobal(e){void 0===e&&(e=window);var t="__post_robot_10_0_46__";return e!==window?e[t]:e[t]=e[t]\|\|{}}memoize(function(){var e;try{e=v()}catch(r){return w}var t=e.getAttribute("data-uid"
2024-09-20 12:29:10 UTC	12792	IN	Data Raw: 22 57 69 6e 64 6f 77 20 69 73 20 63 6c 6f 73 65 64 2c 20 63 61 6e 20 6e 6f 74 20 64 65 74 65 72 6d 69 6e 65 20 74 79 70 65 22 29 3b 72 65 74 75 72 6e 20 67 65 74 4f 70 65 6e 65 72 28 65 29 3f 22 70 6f 70 75 70 22 3a 22 69 66 72 61 6d 65 22 7d 29 3b 69 2e 63 61 74 63 68 28 73 72 63 5f 75 74 69 6c 5f 6e 6f 6f 70 29 2c 61 2e 63 61 74 63 68 28 73 72 63 5f 75 74 69 6c 5f 6e 6f 6f 70 29 3b 76 61 72 20 73 3d 66 75 6e 63 74 69 6f 6e 20 67 65 74 4e 61 6d 65 28 29 7b 72 65 74 75 72 6e 20 65 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 69 73 57 69 6e 64 6f 77 43 6c 6f 73 65 64 28 65 29 29 72 65 74 75 72 6e 20 69 73 53 61 6d 65 44 6f 6d 61 69 6e 28 65 29 3f 61 73 73 65 72 74 53 61 6d 65 44 6f 6d 61 69 6e 28 65 29 2e 6e 61 6d 65 3a 69 7d 29 7d 3b Data Ascii: "Window is closed, can not determine type");return getOpener(e)?"popup":"iframe"});i.catch(src_util_noop),a.catch(src_util_noop);var s=function getName(){return e.then(function(e){if(!isWindowClosed(e))return isSameDomain(e)?assertSameDomain(e).name:i})};
2024-09-20 12:29:10 UTC	4616	IN	Data Raw: 74 63 68 28 6f 29 7b 72 2e 70 72 6f 6d 69 73 65 2e 72 65 6a 65 63 74 28 6f 29 7d 72 2e 61 63 6b 3d 21 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 68 61 6e 64 6c 65 52 65 73 70 6f 6e 73 65 28 65 2c 74 2c 6e 29 7b 69 66 28 21 69 73 52 65 73 70 6f 6e 73 65 4c 69 73 74 65 6e 65 72 45 72 72 6f 72 65 64 28 6e 2e 68 61 73 68 29 29 7b 76 61 72 20 72 2c 6f 3d 67 65 74 52 65 73 70 6f 6e 73 65 4c 69 73 74 65 6e 65 72 28 6e 2e 68 61 73 68 29 3b 69 66 28 21 6f 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 4e 6f 20 68 61 6e 64 6c 65 72 20 66 6f 75 6e 64 20 66 6f 72 20 70 6f 73 74 20 6d 65 73 73 61 67 65 20 72 65 73 70 6f 6e 73 65 20 66 6f 72 20 6d 65 73 73 61 67 65 3a 20 22 2b 6e 2e 6e 61 6d 65 2b 22 20 66 72 6f 6d 20 22 2b 74 2b 22 20 69 6e 20 22 2b 77 69 6e 64 6f 77 Data Ascii: tch(o){r.promise.reject(o)}r.ack=!0}}function handleResponse(e,t,n){if(!isResponseListenerErrored(n.hash)){var r,o=getResponseListener(n.hash);if(!o)throw new Error("No handler found for post message response for message: "+n.name+" from "+t+" in "+window
2024-09-20 12:29:10 UTC	8949	IN	Data Raw: 69 6e 64 6f 77 2c 65 29 26 26 77 69 6e 64 6f 77 2e 74 6f 70 29 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 74 6f 70 7d 63 61 74 63 68 28 6f 29 7b 7d 74 72 79 7b 69 66 28 69 73 41 6e 63 65 73 74 6f 72 50 61 72 65 6e 74 28 65 2c 77 69 6e 64 6f 77 29 26 26 77 69 6e 64 6f 77 2e 74 6f 70 29 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 74 6f 70 7d 63 61 74 63 68 28 6f 29 7b 7d 66 6f 72 28 76 61 72 20 74 3d 30 2c 6e 3d 66 75 6e 63 74 69 6f 6e 20 67 65 74 41 6c 6c 43 68 69 6c 64 46 72 61 6d 65 73 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 2c 72 3d 67 65 74 46 72 61 6d 65 73 28 65 29 3b 6e 3c 72 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 6f 3d 72 5b 6e 5d 3b 74 2e 70 75 73 68 28 6f 29 3b 66 6f 72 28 76 61 72 20 69 3d 30 2c 61 3d 67 65 74 41 6c Data Ascii: indow,e)&&window.top)return window.top}catch(o){}try{if(isAncestorParent(e,window)&&window.top)return window.top}catch(o){}for(var t=0,n=function getAllChildFrames(e){for(var t=[],n=0,r=getFrames(e);n<r.length;n++){var o=r[n];t.push(o);for(var i=0,a=getAl
2024-09-20 12:29:10 UTC	6396	IN	Data Raw: 72 28 76 61 72 20 66 3d 21 30 2c 6c 3d 30 3b 6c 3c 63 3b 6c 2b 2b 29 69 66 28 72 65 61 64 28 65 2c 69 2b 6c 29 21 3d 3d 72 65 61 64 28 74 2c 6c 29 29 7b 66 3d 21 31 3b 62 72 65 61 6b 7d 69 66 28 66 29 72 65 74 75 72 6e 20 69 7d 72 65 74 75 72 6e 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 68 65 78 57 72 69 74 65 28 65 2c 74 2c 6e 2c 72 29 7b 6e 3d 4e 75 6d 62 65 72 28 6e 29 7c 7c 30 3b 76 61 72 20 6f 3d 65 2e 6c 65 6e 67 74 68 2d 6e 3b 72 3f 28 72 3d 4e 75 6d 62 65 72 28 72 29 29 3e 6f 26 26 28 72 3d 6f 29 3a 72 3d 6f 3b 76 61 72 20 69 3d 74 2e 6c 65 6e 67 74 68 3b 69 66 28 69 25 32 21 3d 3d 30 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 49 6e 76 61 6c 69 64 20 68 65 78 20 73 74 72 69 6e 67 22 29 3b 72 3e 69 2f 32 26 26 28 72 3d 69 2f 32 29 Data Ascii: r(var f=!0,l=0;l<c;l++)if(read(e,i+l)!==read(t,l)){f=!1;break}if(f)return i}return-1}function hexWrite(e,t,n,r){n=Number(n)\|\|0;var o=e.length-n;r?(r=Number(r))>o&&(r=o):r=o;var i=t.length;if(i%2!==0)throw new TypeError("Invalid hex string");r>i/2&&(r=i/2)
2024-09-20 12:29:10 UTC	9988	IN	Data Raw: 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 2d 31 21 3d 3d 74 68 69 73 2e 69 6e 64 65 78 4f 66 28 65 2c 74 2c 6e 29 7d 2c 42 75 66 66 65 72 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 4f 66 3d 66 75 6e 63 74 69 6f 6e 20 69 6e 64 65 78 4f 66 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 62 69 64 69 72 65 63 74 69 6f 6e 61 6c 49 6e 64 65 78 4f 66 28 74 68 69 73 2c 65 2c 74 2c 6e 2c 21 30 29 7d 2c 42 75 66 66 65 72 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 3d 66 75 6e 63 74 69 6f 6e 20 6c 61 73 74 49 6e 64 65 78 4f 66 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 62 69 64 69 72 65 63 74 69 6f 6e 61 6c 49 6e 64 65 78 4f 66 28 74 68 69 73 2c 65 2c 74 2c 6e 2c 21 31 29 7d 2c 42 75 66 66 65 72 2e 70 72 6f 74 6f 74 79 70 65 2e 77 72 69 74 65 3d Data Ascii: ,t,n){return-1!==this.indexOf(e,t,n)},Buffer.prototype.indexOf=function indexOf(e,t,n){return bidirectionalIndexOf(this,e,t,n,!0)},Buffer.prototype.lastIndexOf=function lastIndexOf(e,t,n){return bidirectionalIndexOf(this,e,t,n,!1)},Buffer.prototype.write=
2024-09-20 12:29:10 UTC	9483	IN	Data Raw: 64 20 30 21 3d 3d 72 26 26 22 73 74 72 69 6e 67 22 21 3d 3d 74 79 70 65 6f 66 20 72 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 65 6e 63 6f 64 69 6e 67 20 6d 75 73 74 20 62 65 20 61 20 73 74 72 69 6e 67 22 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 72 26 26 21 42 75 66 66 65 72 2e 69 73 45 6e 63 6f 64 69 6e 67 28 72 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 55 6e 6b 6e 6f 77 6e 20 65 6e 63 6f 64 69 6e 67 3a 20 22 2b 72 29 7d 65 6c 73 65 22 6e 75 6d 62 65 72 22 3d 3d 3d 74 79 70 65 6f 66 20 65 26 26 28 65 26 3d 32 35 35 29 3b 69 66 28 74 3c 30 7c 7c 74 68 69 73 2e 6c 65 6e 67 74 68 3c 74 7c 7c 74 68 69 73 2e 6c 65 6e 67 74 68 3c 6e 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 Data Ascii: d 0!==r&&"string"!==typeof r)throw new TypeError("encoding must be a string");if("string"===typeof r&&!Buffer.isEncoding(r))throw new TypeError("Unknown encoding: "+r)}else"number"===typeof e&&(e&=255);if(t<0\|\|this.length<t\|\|this.length<n)throw new RangeE

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:10 UTC	571	OUT	GET /assets/gist-embed-38aeddf8d15a.css HTTP/1.1 Host: github.githubassets.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:10 UTC	681	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85072 Cache-Control: public, max-age=31536000, immutable Content-Type: text/css Last-Modified: Wed, 11 Sep 2024 21:38:47 GMT ETag: "0x8DCD2AA1E85F4AA" Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 279923 Date: Fri, 20 Sep 2024 12:29:10 GMT X-Served-By: cache-iad-kiad7000148-IAD, cache-ewr-kewr1740041-EWR X-Cache: HIT, MISS X-Cache-Hits: 42, 0 Vary: Accept-Encoding Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31536000 X-Fastly-Request-ID: ee643df641f0c8627c8e7a572e12ef25a8ad37fe
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 5b 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 6c 69 67 68 74 22 5d 5b 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 5d 2c 0a 5b 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 6c 69 67 68 74 22 5d 5b 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 5d 20 3a 3a 62 61 63 6b 64 72 6f 70 2c 0a 5b 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 5d 5b 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 5d 2c 0a 5b 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 5d 5b 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 5d 20 3a 3a 62 61 63 6b 64 72 6f 70 20 7b 0a 20 20 2d 2d 74 6f 70 69 63 54 61 67 2d 62 6f 72 64 65 72 43 6f 6c Data Ascii: [data-color-mode="light"][data-light-theme="light"],[data-color-mode="light"][data-light-theme="light"] ::backdrop,[data-color-mode="auto"][data-light-theme="light"],[data-color-mode="auto"][data-light-theme="light"] ::backdrop { --topicTag-borderCol
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 6c 6f 72 2d 63 6f 6d 6d 65 6e 74 3a 20 23 31 66 32 33 32 38 3b 0a 20 20 2d 2d 63 6f 64 65 4d 69 72 72 6f 72 2d 73 79 6e 74 61 78 2d 66 67 43 6f 6c 6f 72 2d 63 6f 6e 73 74 61 6e 74 3a 20 23 30 35 35 30 61 65 3b 0a 20 20 2d 2d 63 6f 64 65 4d 69 72 72 6f 72 2d 73 79 6e 74 61 78 2d 66 67 43 6f 6c 6f 72 2d 65 6e 74 69 74 79 3a 20 23 38 32 35 30 64 66 3b 0a 20 20 2d 2d 63 6f 64 65 4d 69 72 72 6f 72 2d 73 79 6e 74 61 78 2d 66 67 43 6f 6c 6f 72 2d 6b 65 79 77 6f 72 64 3a 20 23 63 66 32 32 32 65 3b 0a 20 20 2d 2d 63 6f 64 65 4d 69 72 72 6f 72 2d 73 79 6e 74 61 78 2d 66 67 43 6f 6c 6f 72 2d 73 74 6f 72 61 67 65 3a 20 23 63 66 32 32 32 65 3b 0a 20 20 2d 2d 63 6f 64 65 4d 69 72 72 6f 72 2d 73 79 6e 74 61 78 2d 66 67 43 6f 6c 6f 72 2d 73 74 72 69 6e 67 3a 20 23 30 61 Data Ascii: lor-comment: #1f2328; --codeMirror-syntax-fgColor-constant: #0550ae; --codeMirror-syntax-fgColor-entity: #8250df; --codeMirror-syntax-fgColor-keyword: #cf222e; --codeMirror-syntax-fgColor-storage: #cf222e; --codeMirror-syntax-fgColor-string: #0a
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 66 66 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 62 6c 75 65 2d 62 67 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 30 30 36 65 64 62 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 62 6c 75 65 2d 66 67 43 6f 6c 6f 72 3a 20 23 30 30 35 66 63 63 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 62 6c 75 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 61 64 65 31 66 66 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 62 6c 75 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 30 30 36 65 64 62 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 67 72 65 65 6e 2d 62 67 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 63 61 66 37 63 61 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 67 72 65 65 6e 2d 62 67 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 Data Ascii: ff; --display-blue-bgColor-emphasis: #006edb; --display-blue-fgColor: #005fcc; --display-blue-borderColor-muted: #ade1ff; --display-blue-borderColor-emphasis: #006edb; --display-green-bgColor-muted: #caf7ca; --display-green-bgColor-emphasis: #
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 32 65 31 32 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 63 6f 72 61 6c 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 66 65 63 65 62 65 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 63 6f 72 61 6c 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 64 34 33 35 31 31 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 79 65 6c 6c 6f 77 2d 62 67 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 66 66 65 63 39 65 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 79 65 6c 6c 6f 77 2d 62 67 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 39 34 36 61 30 30 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 79 65 6c 6c 6f 77 2d 66 67 43 6f 6c 6f 72 3a 20 23 38 30 35 39 30 30 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 79 65 6c 6c 6f 77 2d 62 6f 72 64 65 72 43 6f 6c Data Ascii: 2e12; --display-coral-borderColor-muted: #fecebe; --display-coral-borderColor-emphasis: #d43511; --display-yellow-bgColor-muted: #ffec9e; --display-yellow-bgColor-emphasis: #946a00; --display-yellow-fgColor: #805900; --display-yellow-borderCol
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 6c 69 76 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 36 34 37 36 32 64 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 6c 69 6d 65 2d 62 67 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 65 33 66 32 62 35 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 6c 69 6d 65 2d 62 67 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 35 32 37 61 32 39 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 6c 69 6d 65 2d 66 67 43 6f 6c 6f 72 3a 20 23 34 37 36 63 32 38 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 6c 69 6d 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 63 37 65 35 38 30 3b 0a 20 20 2d 2d 64 69 73 70 6c 61 79 2d 6c 69 6d 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 65 6d 70 68 61 73 69 73 3a 20 23 35 32 37 61 32 39 3b 0a 20 20 2d 2d 64 69 Data Ascii: live-borderColor-emphasis: #64762d; --display-lime-bgColor-muted: #e3f2b5; --display-lime-bgColor-emphasis: #527a29; --display-lime-fgColor: #476c28; --display-lime-borderColor-muted: #c7e580; --display-lime-borderColor-emphasis: #527a29; --di
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 31 66 32 33 32 38 32 36 3b 0a 20 20 2d 2d 61 76 61 74 61 72 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 30 70 78 20 30 70 78 20 32 70 78 20 23 66 66 66 66 66 66 63 63 3b 0a 20 20 2d 2d 61 76 61 74 61 72 53 74 61 63 6b 2d 66 61 64 65 2d 62 67 43 6f 6c 6f 72 2d 64 65 66 61 75 6c 74 3a 20 23 63 38 64 31 64 61 3b 0a 20 20 2d 2d 61 76 61 74 61 72 53 74 61 63 6b 2d 66 61 64 65 2d 62 67 43 6f 6c 6f 72 2d 6d 75 74 65 64 3a 20 23 64 61 65 30 65 37 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 66 36 66 38 66 61 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 62 67 43 6f 6c 6f 72 2d 68 6f 76 65 72 3a 20 23 65 66 66 32 66 35 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 62 67 43 6f 6c 6f 72 2d 61 63 74 69 76 65 3a 20 23 65 36 65 61 65 66 3b Data Ascii: 1f232826; --avatar-shadow: 0px 0px 0px 2px #ffffffcc; --avatarStack-fade-bgColor-default: #c8d1da; --avatarStack-fade-bgColor-muted: #dae0e7; --control-bgColor-rest: #f6f8fa; --control-bgColor-hover: #eff2f5; --control-bgColor-active: #e6eaef;
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 30 39 36 39 64 61 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 62 67 43 6f 6c 6f 72 2d 68 6f 76 65 72 3a 20 23 30 38 36 30 63 61 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 62 67 43 6f 6c 6f 72 2d 61 63 74 69 76 65 3a 20 23 30 37 35 37 62 61 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 62 67 43 6f 6c 6f 72 2d 64 69 73 61 62 6c 65 64 3a 20 23 38 31 38 62 39 38 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 66 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 2d 2d 63 6f 6e 74 72 6f 6c 2d 63 68 65 63 6b 65 64 2d 66 67 43 6f 6c 6f 72 2d 64 69 73 61 62 6c 65 64 3a 20 23 Data Ascii: ntrol-checked-bgColor-rest: #0969da; --control-checked-bgColor-hover: #0860ca; --control-checked-bgColor-active: #0757ba; --control-checked-bgColor-disabled: #818b98; --control-checked-fgColor-rest: #ffffff; --control-checked-fgColor-disabled: #
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 65 64 3a 20 23 65 36 65 61 65 66 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 64 65 66 61 75 6c 74 2d 62 67 43 6f 6c 6f 72 2d 64 69 73 61 62 6c 65 64 3a 20 23 65 66 66 32 66 35 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 64 65 66 61 75 6c 74 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 64 31 64 39 65 30 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 64 65 66 61 75 6c 74 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 68 6f 76 65 72 3a 20 23 64 31 64 39 65 30 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 64 65 66 61 75 6c 74 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 61 63 74 69 76 65 3a 20 23 64 31 64 39 65 30 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 64 65 66 61 75 6c 74 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 64 69 73 61 62 6c 65 64 3a 20 23 38 31 38 62 39 38 31 61 3b 0a 20 20 2d Data Ascii: ed: #e6eaef; --button-default-bgColor-disabled: #eff2f5; --button-default-borderColor-rest: #d1d9e0; --button-default-borderColor-hover: #d1d9e0; --button-default-borderColor-active: #d1d9e0; --button-default-borderColor-disabled: #818b981a; -
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 6c 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 66 66 66 66 66 66 30 30 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 69 6e 76 69 73 69 62 6c 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 68 6f 76 65 72 3a 20 23 66 66 66 66 66 66 30 30 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 69 6e 76 69 73 69 62 6c 65 2d 62 6f 72 64 65 72 43 6f 6c 6f 72 2d 64 69 73 61 62 6c 65 64 3a 20 23 38 31 38 62 39 38 31 61 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 6f 75 74 6c 69 6e 65 2d 66 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 30 39 36 39 64 61 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 6f 75 74 6c 69 6e 65 2d 66 67 43 6f 6c 6f 72 2d 68 6f 76 65 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 2d 6f 75 74 6c 69 6e 65 2d 66 67 43 6f 6c 6f 72 2d 61 63 74 69 76 65 Data Ascii: le-borderColor-rest: #ffffff00; --button-invisible-borderColor-hover: #ffffff00; --button-invisible-borderColor-disabled: #818b981a; --button-outline-fgColor-rest: #0969da; --button-outline-fgColor-hover: #ffffff; --button-outline-fgColor-active
2024-09-20 12:29:10 UTC	1378	IN	Data Raw: 62 75 74 74 6f 6e 2d 73 74 61 72 2d 69 63 6f 6e 43 6f 6c 6f 72 3a 20 23 65 61 63 35 34 66 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 43 6f 75 6e 74 65 72 2d 64 65 66 61 75 6c 74 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 38 31 38 62 39 38 31 66 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 43 6f 75 6e 74 65 72 2d 69 6e 76 69 73 69 62 6c 65 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 38 31 38 62 39 38 31 66 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 43 6f 75 6e 74 65 72 2d 70 72 69 6d 61 72 79 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 30 30 32 64 31 31 33 33 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 43 6f 75 6e 74 65 72 2d 6f 75 74 6c 69 6e 65 2d 62 67 43 6f 6c 6f 72 2d 72 65 73 74 3a 20 23 30 39 36 39 64 61 31 61 3b 0a 20 20 2d 2d 62 75 74 74 6f 6e 43 6f 75 6e 74 65 72 Data Ascii: button-star-iconColor: #eac54f; --buttonCounter-default-bgColor-rest: #818b981f; --buttonCounter-invisible-bgColor-rest: #818b981f; --buttonCounter-primary-bgColor-rest: #002d1133; --buttonCounter-outline-bgColor-rest: #0969da1a; --buttonCounter

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:10 UTC	799	OUT	GET /6579dd0b5f9a54376d296939/66e88ca4db87912b833221bc_AD_4nXfOwDpF0yBEfx9g2KQU_7gC1nQg6KooRMNo04vFs1ifPF6jT0n6r4w0SZAd9fd5olhmUACBtCzTKgcB4_cTsAwdFPOcqi1EKiAeOCNkiYXMbTYFUgVNlXkA_YNsqmR84gUmAr0CZKGM0HE7qSitXg4ZgvI.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:10 UTC	612	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:10 GMT Content-Type: image/png Content-Length: 81248 Connection: close x-amz-id-2: WlznHwgAI0q3Zh8btoMAsoRRycaQlEK2VnJVKfltnWXGNiY68ebQURjP+q7nE12I5L6kmGITFrM= x-amz-request-id: B8821EJKQF6A8ARZ Last-Modified: Mon, 16 Sep 2024 19:53:09 GMT ETag: "782a1a283572ec5c0f2a76d22c24e358" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: r5F4nynjtV_9oSxKk2BDiu.fj86RY5lB CF-Cache-Status: HIT Age: 82836 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1cead080f43-EWR
2024-09-20 12:29:10 UTC	757	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 80 00 00 03 cc 08 06 00 00 00 3a 95 c2 c3 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 ff a5 49 44 41 54 78 5e ec dd 0b 7c 54 f5 9d ff ff 37 10 12 6e 01 94 20 08 68 c5 00 e2 1d 14 2c ca 5d 5d a0 d6 db 5f 10 96 2d ae 95 8b ac 4a d7 6a 5d 05 a5 ab ec 8a 50 ab b6 6e 51 6b 01 b5 2b ad e5 d6 9f d2 8b c0 5a 21 08 4a 15 05 15 e5 96 88 17 a0 20 89 42 22 97 84 80 ff f3 fd 9e 73 66 ce 4c 66 92 49 18 72 99 bc 9e 3e 8e 73 6e 73 e6 9c 09 99 9c f3 9e cf f7 7b 1a 7c eb 10 00 00 00 00 00 00 52 56 43 ef 11 00 00 00 00 00 00 29 8a 00 08 00 00 00 00 00 20 c5 11 00 01 00 00 00 00 00 a4 38 02 20 00 00 00 00 00 Data Ascii: PNGIHDR:sRGBgAMAapHYsodIDATx^\|T7n h,]]_-Jj]PnQk+Z!J B"sfLfIr>sns{\|RVC) 8
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: 83 de 54 f5 b8 be 5b 33 fd db 45 2d bc 29 97 69 0e 66 9a 85 a5 32 02 20 00 00 00 00 00 ea af 6a 09 80 a2 fb fb 31 9d 3b ff e2 ed 42 6d fb ea f8 6e f5 5e 55 5d 4f 4e d3 5d 97 b4 8c e8 2c 3a d5 fb 05 22 00 02 00 00 00 00 a0 fe 3a e1 01 50 74 e5 cf df 77 15 6b c6 9b 85 3a ec dd c9 ab a6 34 49 6b a0 29 97 b5 d4 77 3b 84 43 9f 54 ae 04 22 00 02 00 00 00 00 a0 fe aa 6c 00 54 a9 fb a7 9b 3e 7f 82 e1 8f e9 e8 f9 c1 55 fb 6b 3c fc 31 cc 3e 98 7d 31 fb e4 33 fb 6a f6 19 00 00 00 00 00 a0 3e 4b 38 00 32 77 9c 0a 76 f8 6c 2a 7f 1e 79 73 bf 37 55 7b 98 7d 32 fb e6 33 fb cc dd b2 00 00 00 00 00 40 7d 96 70 00 64 6e f5 ee 33 7d fe 98 66 5f b5 95 d9 37 b3 8f be e0 be 03 00 00 00 00 00 d4 37 09 f5 01 14 dd e9 f3 8f 96 7f 55 ad 1d 3e 5f d0 ae 89 9a a7 c7 ce aa 8a 4a 8e ea Data Ascii: T[3E-)if2 j1;Bmn^U]ON],:":Ptwk:4Ik)w;CT"lT>Uk<1>}13j>K82wvl*ys7U{}23@}pdn3}f_77U>_J
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: fe 9d d6 de b8 34 e6 3b 19 ca f4 c6 8f db ca cf d5 fb d9 5c 8d 5c e9 4e da 50 66 d4 29 ee 44 8a cb 1c fc a0 56 ff f1 26 9d e1 4d 27 22 19 cf 29 d8 f2 7e a5 02 a4 ea b4 f1 b5 95 3a 73 d2 70 9d 67 26 ec 87 ed 47 fa ee b4 41 ea 66 97 56 85 f3 81 fe c2 46 f5 9f f6 80 16 ce 7a 40 e3 ba 7b b3 23 98 75 76 eb cc fe de a4 e3 bc 51 c3 75 e6 c2 9c 6a ff 80 07 00 00 40 5d 92 af 9d db b3 d4 c9 6d 04 53 4b 24 b2 4f f9 7a 6f 9d d4 ff bc 2c 6f da f5 e5 ee 7c 9d d9 2e 72 5e 2c 89 ae 57 23 0a 0a f4 89 73 f0 e6 8a 72 e3 fb f9 ea d8 d6 9d 6d 99 eb 8b f7 cf b5 d7 05 76 f8 49 5f 67 bd 2c 0d fb 89 37 6d 87 e1 1a a6 ee 1a 3d d0 1c 9f 73 9d b0 27 bc fe 53 37 e6 6b da f1 7c 31 5d 05 31 03 a0 a3 47 c3 ed 54 f2 be ae d9 4a 19 73 5b f8 27 de cc d7 6f 37 ec 8b 39 98 66 60 b7 bc bc d3 Data Ascii: 4;\\NPf)DV&M'")~:spg&GAfVFz@{#uvQuj@]mSK$Ozo,o\|.r^,W#srmvI_g,7m=s'S7k\|1]1GTJs['o79f`
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: a7 44 af ff 69 9f f4 c1 4e bd ee 3c 24 4f 67 5d 70 79 96 56 bc e7 7d 90 14 bd ad d5 6b 7a 6b c4 3f f7 d3 9a 55 6f 7b 61 cc 66 7d b8 a2 a3 2e ef 19 8a ab ca ba f1 27 ba a5 47 1b b3 cb ce 0f b9 8d fa 8e 1c a5 ce af 6d d6 a7 ee d2 d8 aa f2 9c 0a 6c f9 cb 53 ca bf f5 6e dd 78 8e d7 d8 2f b3 bb 6e fc c1 48 7d f8 ca 6a 6f bb 19 3a 7f c2 43 ba 2c e7 7e 3d b3 76 b3 96 3c fa 84 f4 e3 c9 ba b6 83 5d a8 a2 9c 3f e8 f9 de 77 eb ce 01 1d c3 fb 35 e6 5f 75 c1 1f 5e 8f fb f3 0f fe b1 aa 0c f3 87 e3 a5 f6 13 43 a5 99 0b 27 49 d3 ec 1f c0 ee 1a 37 6b a2 c6 75 ce d2 38 d3 04 ac 4c da ef 7c 88 9b e6 61 3f 34 a5 9f 31 b4 6d af 6e 3b 0a aa e7 9b 1a 00 00 00 d4 39 1b df 0f 04 02 26 0c da be 52 2f c9 54 b1 9b e6 42 59 5a ea 2c 37 55 ed 0f f6 97 86 4d 32 e7 aa 13 35 ac 8d 09 66 Data Ascii: DiN<$Og]pyV}kzk?Uo{af}.'GmlSnx/nH}jo:C,~=v<]?w5_u^C'I7ku8L\|a?41mn;9&R/TBYZ,7UM25f
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: be d4 92 5d c7 a4 f4 a6 ba d3 d9 8e ed 48 fa 83 9d ba dc f4 1b 64 3b 86 ce 52 ef 74 53 dd 53 4e 45 8f bf be b7 0d fb 9c 66 ee a2 79 7f fa ca 36 3f 32 fd 13 bd 73 69 23 6d 36 af 95 4c 36 ec 79 55 1f ac 7f 5f eb 96 8e d2 65 bd 33 9c 99 99 ea 35 f8 7b 7a 65 dd 3b da fc d1 6a 0d ed 75 a1 f3 2e d5 76 6d d4 f9 9c 0c bd b3 39 2f 7e 7f 3d 86 e9 27 e8 be 4d ba 73 de ff e9 97 17 bc a8 fb 7e e3 f5 07 e4 e8 d0 a5 9f f4 de a6 4a dd 6d ac 6a 7d ee 64 e9 a2 5e d2 1b 1b 03 cf 33 7d 09 55 d8 19 5f 74 6f ff e1 a6 62 fe b7 16 65 ff 58 01 00 00 00 9e 88 7e 74 4c a8 11 ec 18 39 10 72 c4 38 a7 8c d9 84 29 d6 b9 67 9b 36 3a d3 79 78 cf 34 4d 8a 11 4e d8 e0 e2 f1 c5 ce b9 af 17 1c 45 6c 63 b3 36 86 02 9a 48 a7 b4 cf 0a 35 3b b3 4c c5 4d 28 7c 2a e7 58 bc 65 0f 8e ea ab 61 df ef Data Ascii: ]Hd;RtSSNEfy6?2si#m6L6yU_e35{ze;ju.vm9/~='Ms~Jmj}d^3}U_tobeX~tL9r8)g6:yx4MNElc6H5;LM(\|*Xea
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: 4b dd dc e3 a4 4a 05 40 93 7a 65 ea ea 2e 6e e8 d3 ac 49 86 9a 66 f8 4d 6a ea 9e 64 04 40 c9 72 b8 f4 5b fd f2 ed 22 ad de 71 98 4a a0 38 4c e5 4f bf 4e 4d f4 e3 4b 32 d5 a4 06 fb d5 02 00 00 00 00 a4 86 a4 04 40 47 4a 4b 55 78 e0 a0 1d ff 64 5f a9 6e 5f fa 95 1d 8f a7 26 fa 00 1a 7d 7e 6b dd 7d 59 56 a5 02 a0 a7 87 9d ac 33 5b a7 d9 f1 96 cd 9b a9 71 9a 3b 5e 17 d5 a6 00 08 00 00 00 00 00 54 af ca 06 40 31 ef 02 96 16 08 46 4c 60 62 3a 4f ae eb cc 31 f8 e1 8f 11 3c 46 00 00 00 00 00 80 54 16 b3 02 c8 30 15 40 a6 12 c8 f8 f5 7b 45 7a 79 6b fc 7e 80 32 d3 1b 6a de 88 d3 d4 a8 61 03 fd a3 a8 fc 0e a3 93 a5 59 e3 86 ea d6 26 43 d7 fe fe b3 84 5e f3 fa 6e 4d f5 6f 17 b9 fd ff 98 ca 1f 53 01 54 97 51 01 04 00 00 00 00 40 fd 95 94 26 60 c6 e1 92 12 1d 38 e4 76 Data Ascii: KJ@ze.nIfMjd@r["qJ8LONMK2@GJKUxd_n_&}~k}YV3[q;^T@1FL`b:O1<FT0@{Ezyk~2jaY&C^nMoSTQ@&`8v
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: a3 46 0d 6d 95 4f 5a 5a 9a 88 7c 00 00 00 00 00 00 aa a6 da 02 20 00 00 00 00 00 00 d4 0c 7a 4f 06 00 00 00 00 00 48 71 04 40 00 00 00 00 00 00 29 8e 00 08 00 00 00 00 00 20 c5 11 00 01 00 00 00 00 00 a4 38 02 20 00 00 00 00 00 80 14 47 00 04 00 00 00 00 00 90 e2 08 80 00 00 00 00 00 00 52 1c 01 10 00 00 00 00 00 40 8a 23 00 02 00 00 00 00 00 48 71 04 40 00 00 00 00 00 00 29 ae c1 b7 0e 6f 1c 75 90 f9 e1 95 96 96 aa f4 e8 51 1d 3d 7a 4c 47 8f 1d d3 31 e7 47 6a 7e ac fe 8f b6 41 83 06 76 68 e8 0c 8d 1a 36 54 a3 46 0d 95 d6 a8 91 d2 d2 d2 d4 c0 ae 01 00 00 00 00 00 52 19 01 50 1d 64 7e 64 c5 47 8e a8 e4 48 a9 8e 94 96 7a 73 ab a6 71 5a 9a d2 1b a7 29 a3 71 63 1b 12 01 00 00 00 00 80 d4 43 00 54 87 98 2a 9f c3 25 25 2a 2e 39 e2 cd 49 ae 8c f4 c6 6a 92 9e 6e Data Ascii: FmOZZ\| zOHq@) 8 GR@#Hq@)ouQ=zLG1Gj~Avh6TFRPd~dGHzsqZ)qcCT%%.9Ijn
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: 5f 92 a9 26 69 75 fb df 1e 00 00 00 00 54 06 01 50 2d 77 b8 a4 24 74 fb f4 4d f9 47 74 d7 6b f1 43 96 ae 27 a7 eb f7 37 9e 6e 9b 6c 3d 9c f3 a5 37 b7 ea a2 03 20 e3 d4 cc c6 de 58 59 b1 9a 7e 45 fb c5 95 27 e9 ec 2c 77 1b cd 9b 36 51 93 74 b7 5f a0 ba 2a 19 01 90 69 e2 97 8c e6 70 33 df 2c d4 ca cf b9 d5 7e 22 06 9d de 44 93 2f ab dc 87 1f 00 00 00 00 d4 65 95 0d 80 52 e3 d6 4d 75 48 c9 91 f0 6d de 73 6a f0 e2 7e 48 97 4c 2d bd e9 0c 2d f9 97 ef c4 1d 1e 1c dc ce 5b 3b be e0 31 04 8f ad be 32 e1 de 3f f2 0b f4 55 e1 f1 07 49 a6 f2 07 89 e1 bd 02 00 00 00 80 f2 11 00 55 23 53 6a 75 a4 34 1c 92 bc b5 b3 ec dd b5 4e 84 d1 e7 b7 d6 ec eb 3a aa 55 93 46 f6 0e 60 0b 47 9d ae bb 2f 6d 63 97 99 ea a2 58 c3 9b 5f 1c d4 d5 dd 32 6d 33 b4 f2 04 8f c1 1c 5b 7d 2e 27 Data Ascii: _&iuTP-w$tMGtkC'7nl=7 XY~E',w6Qt_*ip3,~"D/eRMuHmsj~HL--[;12?UIU#Sju4N:UF`G/mcX_2m3[}.'
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: 80 e3 c8 ec d0 54 da 92 ab de 5b 4c df 4e 0d d5 fb ec b2 55 3e 0f cf 2f d4 76 33 b2 af 30 5c 15 64 42 9e b3 d2 bd 79 f9 7a a7 c4 79 ee a5 c1 66 5b 66 da bc b6 c7 59 7f 6c 87 86 da 6e 5e cb d9 c6 2b fb 9c e5 17 77 b4 e1 d5 98 6b 4e 56 6f 67 53 45 bb f2 d5 fb ad a3 ca 0a 17 35 25 c5 87 bf 1d ad e7 d2 27 68 41 ce 7a bd fd de 7a bd 3a 7b b2 c6 5c e0 7f f8 16 eb c3 df 4c d0 cf bf be 5e bf 58 6a 96 af d5 bc 1b 4a f4 3f a3 67 6a 5d a0 cb ae 4f 5f 78 40 cf 1d 9d a0 b9 7f 5e a5 bf 3d f2 3d 9d de f7 7b 1a fa 7f 7f d0 d2 60 48 53 f2 b6 96 3a 7f 08 ae 1b 10 a3 54 e5 e0 07 7a 72 c2 bf 6b dd b9 53 34 ef 75 e7 75 d6 fe 9f e6 4d fb 67 5d 60 0b 84 2a da 87 02 2d fb ef 89 fa a0 cf e3 7a f5 1d 77 f9 2b 8f 8e d7 e0 33 e2 54 17 ed 79 55 f7 dd fa 37 9d 71 cf ff d3 6a e7 78 df Data Ascii: T[LNU>/v30\dByzyf[fYln^+wkNVogSE5%'hAzz:{\L^XjJ?gj]O_x@^=={`HS:TzrkS4uuMg]`*-zw+3TyU7qjx
2024-09-20 12:29:10 UTC	1369	IN	Data Raw: 53 65 02 1c 23 46 19 6f f7 73 35 2c f0 07 34 1e b7 e9 57 d9 3f fa 00 00 00 38 7e 11 5f ee ed dd ad ad 26 14 f1 ce e7 cc 32 53 de 62 03 0e b3 cc 1f f7 2a 5c b6 2e f4 2b 80 3e d2 77 7f e2 7e 59 67 b7 77 e3 c4 c8 f0 23 14 0e 99 90 c7 fd b2 30 d8 a7 a4 2f b8 1f e1 ea 9e 2c 9d d7 3d 3a e8 29 5b 75 1e ae 08 ca d2 45 bd a4 b9 0f fa d5 44 71 14 14 84 5e 23 a2 ff 9f 00 bb 8f df 0f 7e 09 e9 76 3f 60 2a 85 cc 71 3f b9 3b 4b dd 42 ef 89 cb 54 bc 4f 33 c1 58 cc 73 e2 13 8b 00 a8 1a 05 c3 91 62 73 1b ae 6a b6 f0 a3 42 7b f7 af e9 57 b4 53 8f f6 4d 6d 87 d0 f7 2c fb 47 cc e1 fd dd 87 ed 73 5a a4 57 fc 4f 24 78 2c 04 40 2e d3 19 f6 57 85 45 f6 d6 f0 be 8c f4 74 9d 72 52 92 db 33 45 79 78 8f f3 7a ce eb 74 36 cd bf 3e 8b 2a 9d f9 c0 54 08 99 66 5e 2d 6d d3 ac 31 d7 b4 b0 Data Ascii: Se#Fos5,4W?8~_&2Sb\.+>w~Ygw#0/,=:)[uEDq^#~v?`q?;KBTO3XsbsjB{WSMm,GsZWO$x,@.WEtrR3Eyxzt6>*Tf^-m1

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:12 UTC	702	OUT	GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.huntress.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.5d94925d4.min.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:12 UTC	780	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:12 GMT Content-Type: application/octet-stream Content-Length: 19348 Connection: close x-amz-id-2: zWXIPo2VGZV6SkOwjuRS/T8GmAGBxjs9oL0XgUtELfZcbppx1xbeksY6a9CZYKxN8fNa0XJU4n8= x-amz-request-id: AW7HCY1X38N60X4W Access-Control-Allow-Methods: GET, HEAD Access-Control-Max-Age: 3000 Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method Last-Modified: Wed, 13 Dec 2023 16:34:20 GMT ETag: "a0118c6d18835732ae0eb880babc7598" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: 1upZc36cdk27x7Arg8l9thaL3L34ome5 CF-Cache-Status: HIT Age: 2130926 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 8c61d1d8cdfe440d-EWR
2024-09-20 12:29:12 UTC	589	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 4b 94 00 12 00 00 00 00 b8 60 00 00 4b 2b 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 3c 1b a6 4e 1c 84 1c 06 60 00 83 6a 08 3a 09 84 65 11 08 0a 82 9e 20 81 fe 24 0b 83 58 00 01 36 02 24 03 87 2a 04 20 05 86 72 07 85 67 0c 81 7b 1b 4e a5 35 ca b6 dd 2c 08 74 07 22 3d 34 5d 71 0f b8 c3 b0 71 00 8d 87 58 c3 99 81 60 e3 00 80 da 8f 29 fe ff 8f c9 8d 31 b0 47 cc aa 87 a2 cc 0c ac 84 50 39 bb 5d 93 ab 6a ed 3e 3d 69 b1 6d 74 5d f8 ca d1 f4 72 64 85 1a aa b5 ba 78 42 91 28 73 c2 28 19 8a 0f 3e ec e0 c7 f7 73 91 a0 50 71 8b 73 c0 a3 7e df 54 74 4f 2a ba 48 14 ff d0 58 c2 39 70 74 f5 cc 0a b7 c3 99 61 2b d4 7b f6 3b 96 1e 95 8f 4e 92 c9 76 94 99 9c 2c 12 7f 2a 98 9a 26 55 75 8d 9d 81 Data Ascii: wOF2K`K+?FFTM<N`j:e $X6$* rg{N5,t"=4]qqX`)1GP9]j>=imt]rdxB(s(>sPqs~TtOHX9pta+{;Nv,&Uu
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 9f 22 4f 09 84 63 74 5d 15 a6 42 cd ec 93 c9 c9 39 27 13 7e af 39 c9 23 9a 97 c2 a5 c2 e3 64 26 37 4d 72 a1 40 a0 9e 90 37 b7 44 a8 08 74 5d ab 2a 14 aa 1a f9 ac 2d a0 ac fb 5f 38 c7 f6 bc 4d ab b4 de ff 2d e9 fd b6 06 3c 47 63 1f 87 77 49 24 c3 42 94 5c 90 cb af 25 35 7c 81 d5 dd a6 6e 63 db 0b f6 b0 b5 3b 0b 64 98 59 60 8a 0f 33 8f 0f 29 02 ce 2e 09 31 ce 27 08 2f 4d ee af fd 5a bd 6b ed 4a d6 10 2f 65 c3 f5 2d ae f9 9a d8 7e d3 77 bb e0 8d c6 10 8a 35 f1 50 ac 34 2a a1 79 09 0c 09 b7 65 6a 03 56 73 55 1c 40 ab 7a f9 3c ee cd d0 d0 ce 11 52 09 5e b0 a9 04 11 db fd f8 85 fb 19 9b ff ff 5d dd dd a8 e7 36 a7 20 21 ca 41 52 c2 f9 ab 8e b1 55 91 7e 79 95 de 22 da a0 52 53 b8 f7 6b 20 fe 1f 94 a7 f7 10 10 e0 f1 37 00 00 bc b9 18 2c 0a 20 30 0c 80 25 80 e5 60 Data Ascii: "Oct]B9'~9#d&7Mr@7Dt]-_8M-<GcwI$B\%5\|nc;dY`3).1'/MZkJ/e-~w5P4yejVsU@z<R^]6 !ARU~y"RSk 7, 0%`
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: c4 2c e0 27 7d 68 8b cc fa 37 11 c0 85 da 58 78 eb 9d 34 28 e3 3b 5e 9d 3e 03 42 ed 57 07 fd ec a1 5e 32 1c 4f db 7e 69 50 51 b1 e2 51 0d 9e 98 f3 77 dd 9c 97 58 7c d2 3e 6e 41 cb 42 f8 65 52 3d bd 43 b5 64 7a ea 8d 25 26 3d bd 14 bb 03 3f 1b 1e 48 13 4a b8 5e ea 2b 68 4d be 90 9b 53 30 43 17 8c d6 31 0f ec 87 e8 aa fc 32 3d fd 3e 7c 16 0e c9 40 23 b0 e9 8d 75 5a c5 7f 1b 13 68 2e 3f 3f 60 82 16 5c 39 61 69 fc 45 4f 2e e3 47 d4 b3 9c 49 0a ea a5 9c 68 29 27 46 c5 2d a7 b9 f1 11 85 e1 a7 97 5c a7 cc 6e 50 c8 4d 8a 24 48 69 08 51 5a c2 94 83 18 85 88 53 36 d2 94 81 0c a5 21 4b 2f 93 a3 17 c9 53 0c 05 4a 47 91 32 d1 a0 28 9a 94 8a 16 65 a7 43 d1 f4 15 82 60 25 a0 11 cc 88 c2 99 53 2a 96 94 95 2d a5 66 4f 59 38 50 6a 8e db 67 94 24 1d 4c e6 f6 99 65 c9 85 54 Data Ascii: ,'}h7Xx4(;^>BW^2O~iPQQwX\|>nABeR=Cdz%&=?HJ^+hMS0C12=>\|@#uZh.??`\9aiEO.GIh)'F-\nPM$HiQZS6!K/SJG2(eC`%S*-fOY8Pjg$LeT
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 20 79 1c 90 b0 53 b5 74 17 51 ed eb d6 a6 83 c7 a8 ed 8f ba 57 7e 48 af eb d0 96 76 21 28 e8 16 f9 b2 7d 9b 8d 79 48 1d d1 d1 d5 e5 0d 3f 8b 13 6e ea 88 93 7e e3 aa c9 33 eb 0d 02 e9 2e e9 0d 13 b5 14 ed 1a cd 1e 08 12 6a 07 bb 1e 78 e4 f1 71 41 9b 48 df ce e4 a8 7b 06 2d ad 41 df ca f7 03 ae 72 96 a5 ef 1d b1 77 44 98 f7 3b b2 c5 b2 2b c5 38 9c fc 77 9c 15 ab f6 fb f0 c7 59 a9 9d 2b 18 b9 7d 78 13 99 d0 06 ed 5b 67 97 86 21 f9 50 e6 55 bf 68 80 46 11 a8 75 8c 06 57 b8 a7 b5 d8 27 fc 0d 6d 9f 9a bd 2a 47 6c 94 f6 da 3c b5 94 37 55 40 65 27 96 f7 1b 54 bc 72 c0 04 38 f7 30 02 a8 99 da 8f 74 25 40 28 9d c9 93 35 44 db 0d 34 8d d1 69 20 92 58 cb fb ab 22 6b 31 bc 97 b2 37 52 82 e4 84 f0 01 3e 19 81 9d 80 45 4b 2d 0f 9a 78 cd 9c 8c 56 41 35 0e ae 22 f1 a4 41 Data Ascii: yStQW~Hv!(}yH?n~3.jxqAH{-ArwD;+8wY+}x[g!PUhFuW'm*Gl<7U@e'Tr80t%@(5D4i X"k17R>EK-xVA5"A
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 4e 10 2b a5 8d ec 40 2a 0a 80 99 14 65 89 4e c6 26 9a ac 8c 16 1a 8d 3a 52 ba 28 24 a4 0c 63 b0 0e 65 86 ad 8b 67 ef 3d 63 5a 5c 36 82 f8 15 cf 27 fa bf 40 40 58 5c 0c 32 29 f6 1e 9d df a7 e4 ae 04 ee 7b 1c 42 20 53 11 89 ab 90 bf ab 34 2a ad 4b cc b4 d2 33 68 49 29 bc a6 45 69 95 6b ef a4 24 2d 0a 8f 47 a4 90 c9 ad 0b 4d 0b 21 80 28 36 39 c0 10 c5 09 e2 3a d7 86 3e 7b bf 28 8d d8 48 da 71 e3 9a e5 01 2b 64 e3 38 b3 dd 2f ed 3d f5 24 27 aa 4a 15 d1 c0 f8 e6 e5 e2 93 6c 71 76 bc 9c 85 a0 13 2c 8f cf 16 98 cd 4f fd b9 fc 3f 95 f3 1b 83 81 28 7e 17 b6 23 ca 8c 1f 31 85 da c7 49 25 7d 73 9b c5 da ce 78 f8 7a f2 3c c1 5d de da 26 73 61 a1 29 6d 87 dc 65 39 88 fb c9 78 72 cc ec d7 03 be e5 0c 79 bd 8f 02 7d 93 8d 4b 45 8e cb d1 b8 0f 59 8c c0 b2 66 02 d5 54 26 Data Ascii: N+@eN&:R($ceg=cZ\6'@@X\2){B S4K3hI)Eik$-GM!(69:>{(Hq+d8/=$'Jlqv,O?(~#1I%}sxz<]&sa)me9xry}KEYfT&
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 6f 0f 43 cb 3e da 24 69 33 43 b3 22 02 25 02 81 68 ab 72 6a fb 1b fe 02 a5 a2 b6 73 0c 31 0e e4 ab fd 1c b1 b6 0b cc bc 06 0e bd 25 ed 94 f6 92 de 92 15 ca 8a e9 a5 1d 87 44 78 66 eb 60 be 87 eb a2 ae 3c df b5 2b a5 6f 4a 79 08 ce c2 04 7c af b0 60 37 3e e7 26 53 2c 3f 4a a0 86 ef bb 00 13 de ec 87 ca be d4 f9 db fd 3b 30 99 8f 1a fb 72 ef 4e 0f c5 07 04 df a5 1f 65 65 24 3f 81 bd 10 7a 9b f4 94 90 7b 6f 13 da 97 a5 69 d2 6e 63 9a bf 0c 90 c3 94 c7 8a c8 0d f8 22 ec c7 ce f2 db 8d be 2d a6 1b 29 2d cf 4a 29 29 3f 84 02 e3 cd 6b 2c f0 19 f9 21 99 65 55 d9 7e 0e 77 29 21 c5 19 f1 a9 39 59 49 77 2b d3 0a a0 ac d2 ac 44 a8 38 05 0f fe f5 73 d3 83 c9 dd 7f 4e 66 56 4f 77 a6 9d a2 fb 7c 6e 47 f0 25 f6 de 9d fd 77 b1 02 ec 27 89 9b f8 df 98 f9 34 f7 60 a9 74 c9 Data Ascii: oC>$i3C"%hrjs1%Dxf`<+oJy\|`7>&S,?J;0rNee$?z{oinc"-)-J))?k,!eU~w)!9YIw+D8sNfVOw\|nG%w'4`t
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: c3 5e d4 6e cc ee ee 55 b7 fc ab 93 57 85 2d f3 44 4e 12 99 6a 7e e4 88 b2 a4 aa 54 0b e6 4b 01 2a 52 54 d9 04 40 a5 4f 94 49 c0 52 88 44 7e 94 00 91 09 5d 3b 05 50 e9 53 65 d1 80 8a 14 ad a8 b4 7d eb e9 dd 9b 4f 3b c7 8f c7 8e 99 10 45 a5 45 5c f0 12 70 38 c5 57 7b 03 77 bb 1d 50 4e 07 2c 5c 42 f0 c1 6e 29 6e 5a 14 13 7c c9 ac 55 f8 c8 13 0a bc f1 73 31 9f 15 e3 f4 bf a6 49 42 4a 7f dd ca 00 a9 c9 2a c4 c5 ce aa d2 86 47 eb 20 df 3c 3b 1b a0 00 59 21 30 33 f3 e8 26 9c f1 e7 8b 3b 93 0f 03 f3 d0 b1 0c a2 e6 ed 03 29 85 0f 1f 8d e5 3f cc 18 36 6a 77 b2 c3 5c ad 09 f9 b6 9d 56 34 f4 71 87 aa bb 97 ca 3b 37 d5 27 a7 62 69 92 77 a4 7c 91 e0 56 18 41 65 d3 8b b0 0f 6b 9d 75 0b d8 47 f0 db 3b b2 33 fc 7a 2b 38 31 1e 70 4f 9c 0c 50 a0 03 1d 12 90 36 3f fa 4e 8c Data Ascii: ^nUW-DNj~TKRT@OIRD~];PSe}O;EE\p8W{wPN,\Bn)nZ\|Us1IBJG <;Y!03&;)?6jw\V4q;7'biw\|VAekuG;3z+81pOP6?N
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 0b 82 3c b6 fb 96 85 ff 7e 29 db 6e 2f 51 6c 74 e7 13 74 e6 29 36 4b 73 fd 56 ba 6b f3 73 ba ab 83 56 f8 f9 ae da 6b 98 66 65 a6 e6 da 6b 5d 1d d5 dc 98 96 fa 3a e6 a6 1a de b7 07 01 c4 f1 f5 ca ba ce c6 e2 02 37 47 73 3b 47 bf 8c 98 e0 48 bf 0c 47 7b 7b 33 8f 82 f2 ae ba 9a ea d1 f5 36 6a b1 92 c0 96 88 2e 9c 78 5a ac 86 a1 84 58 1d ad 57 e7 bd 8c 94 f2 dc 54 79 17 4e e3 e6 3e 0b 3d 8b 84 88 7b 31 0d be 8e 71 b7 ad ae 53 72 83 4c 81 b5 62 b0 07 17 33 7f 72 0e 94 0b 65 e7 f0 24 dd 98 1f c4 c7 d7 2b b5 53 d0 c2 a9 fa 10 6c 84 be a1 ba 7a e6 b6 2a ee ae ce 2a 2c f3 f1 2f 83 a8 a6 09 4b 79 5b 62 5c cc 5d e5 28 11 50 ae 60 89 64 cc 7f 42 c6 5e 70 c2 c3 89 a6 eb 55 5a 90 95 8a a4 8e 81 bc 7b 26 05 fd 92 8d 50 47 e0 41 5f 9b f4 2e aa f4 f5 2e a8 f0 f1 2d 28 f6 Data Ascii: <~)n/Qltt)6KsVksVkfek]:7Gs;GHG{{36j.xZXWTyN>={1qSrLb3re$+Slz**,/Ky[b\](P`dB^pUZ{&PGA_..-(
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: d3 34 6e e9 94 2a c9 8d 92 b4 70 12 7d d4 ee 86 aa 56 dd e8 c6 ef c0 6b a8 79 b8 13 de fc 2f aa 25 6f ec c8 52 64 45 a9 dd 77 06 d7 42 8d b8 b9 56 0c ce f2 22 9a 35 8b bf 68 8d 8b 23 2c 6c 23 59 33 52 00 f7 41 1a d6 54 3f cf f4 e3 d6 0b 03 df ac de bb d7 18 19 2c 34 9d 9d bd 53 a8 ed 3a 91 98 64 3b 24 2c 5d f3 5e a2 27 73 34 41 db ad 15 ff 93 aa dc a1 26 f4 cf 16 21 35 ed 59 42 e4 21 29 25 bb 65 26 21 ae ec 98 e4 c8 4e 97 a9 6d 9f 5f 3f 1e 5a be f3 a3 8a 4e 2c 43 4c 66 79 0f 34 1b cf c7 ab f7 75 61 95 2f 8b d1 e3 80 ba 99 c8 26 46 bb 17 a2 75 9b 07 4c af 68 9d 88 18 93 de fc 68 b5 f9 49 e9 69 2c 93 0b 26 be 8f e6 9a 82 72 4a 41 49 97 71 3b 8a 63 e7 29 e9 9e a6 15 e9 15 c9 49 31 ab f7 0a d6 3a 5d bf 3f 84 ba f1 39 82 b6 fc b5 d1 7f 8e 32 09 01 0e 37 b5 0b Data Ascii: 4n*p}Vky/%oRdEwBV"5h#,l#Y3RAT?,4S:d;$,]^'s4A&!5YB!)%e&!Nm_?ZN,CLfy4ua/&FuLhhIi,&rJAIq;c)I1:]?927
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 9d 38 af 24 18 0e b5 92 93 75 aa b5 78 9c 26 30 dc f1 1d c6 48 67 fd a3 73 df b0 b6 e6 b9 9e 34 d5 ad ef 6c 0d cb 72 58 de 69 14 12 f0 64 d3 1d e0 1a 93 04 b6 7f b8 8d 76 4f 0a 16 f9 84 16 ea eb 14 17 3f 94 2f 36 35 a0 14 88 1b 09 23 99 45 c3 6e c4 0d d6 18 e8 2d b9 d3 12 d3 69 48 b7 0b c6 00 77 65 cd 12 a5 1a d6 67 10 39 f1 78 22 e0 7f 91 34 40 79 2e 8b c2 46 a3 36 df 41 c0 3c e2 32 ab 30 23 9d 40 47 84 30 ff d2 f3 3f b3 68 f7 62 7e 88 e1 a6 10 52 7e 7f a5 66 83 d6 38 61 64 e7 dd 92 0d 30 ab 69 45 61 c6 45 73 60 d2 d6 3d d1 7e b4 ab e7 35 a4 9c 48 22 38 28 48 12 d4 ad 98 36 7d 05 31 51 17 d2 ae c5 96 69 cb 34 2a d2 dc 09 14 46 ce 22 0b 5c ce 28 ef b4 1f 08 75 e8 28 80 65 c1 d0 8d 99 ca 22 e8 1b 1c 74 df e1 d9 1e c6 41 2f ae cd 86 c1 31 e6 74 86 0c a6 1b Data Ascii: 8$ux&0Hgs4lrXidvO?/65#En-iHweg9x"4@y.F6A<20#@G0?hb~R~f8ad0iEaEs`=~5H"8(H6}1Qi4*F"\(u(e"tA/1t

Timestamp	Bytes transferred	Direction	Data
2024-09-20 12:29:12 UTC	552	OUT	GET /3_24_2_kzhk9kjvjzpzdnk61lg3.js HTTP/1.1 Host: static.huntresscdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.huntress.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-20 12:29:12 UTC	753	IN	HTTP/1.1 200 OK Date: Fri, 20 Sep 2024 12:29:12 GMT Content-Type: text/javascript Content-Length: 80160 Connection: close Cf-Bgj: minify Cf-Polished: origSize=80198 ETag: "eccf49ea3affa7d8ede265d518e6d439" Last-Modified: Thu, 15 Aug 2024 19:33:40 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2927 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BN4QCVg4FudNu907P2WR77I23ZOlN75i3z1bZ0lsEhcl6R4siGseikCJzgGKzu3OpUoIIwajJV%2FqA7P9VTo4ozU8hlvlyGwvSMz6rOEk%2F9GAcinSrn%2FQD5A4E6WDlE3CMs1X4R1Wu4o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c61d1d8ea0518f2-EWR
2024-09-20 12:29:12 UTC	616	IN	Data Raw: 2f 2a 21 0a 2a 20 57 65 62 20 61 6e 61 6c 79 74 69 63 73 20 66 6f 72 20 53 6e 6f 77 70 6c 6f 77 20 76 33 2e 32 34 2e 32 20 28 68 74 74 70 3a 2f 2f 62 69 74 2e 6c 79 2f 73 70 2d 6a 73 29 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 53 6e 6f 77 70 6c 6f 77 20 41 6e 61 6c 79 74 69 63 73 20 4c 74 64 2c 20 32 30 31 30 20 41 6e 74 68 6f 6e 20 50 61 6e 67 0a 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 42 53 44 2d 33 2d 43 6c 61 75 73 65 0a 2a 2f 22 75 73 65 20 73 74 72 69 63 74 22 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 6e 29 7b 76 61 72 20 74 2c 6f 3d 7b 7d 3b 66 6f 72 28 74 20 69 6e 20 65 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c Data Ascii: /! Web analytics for Snowplow v3.24.2 (http://bit.ly/sp-js)* Copyright 2022 Snowplow Analytics Ltd, 2010 Anthon Pang* Licensed under BSD-3-Clause*/"use strict";!function(){function e(e,n){var t,o={};for(t in e)Object.prototype.hasOwnProperty.call(e,
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 6e 2c 30 2c 72 29 29 2c 6f 5b 72 5d 3d 6e 5b 72 5d 29 3b 72 65 74 75 72 6e 20 65 2e 63 6f 6e 63 61 74 28 6f 7c 7c 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 6e 29 29 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 65 2c 6e 3d 7b 7d 2c 74 3d 5b 5d 2c 6f 3d 5b 5d 2c 69 3d 5b 5d 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 75 6c 6c 21 3d 74 26 26 22 22 21 3d 3d 74 26 26 28 6e 5b 65 5d 3d 74 29 7d 3b 72 65 74 75 72 6e 7b 61 64 64 3a 61 2c 61 64 64 44 69 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 65 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 6e 29 Data Ascii: ype.slice.call(n,0,r)),o[r]=n[r]);return e.concat(o\|\|Array.prototype.slice.call(n))}function t(){var e,n={},t=[],o=[],i=[],a=function(e,t){null!=t&&""!==t&&(n[e]=t)};return{add:a,addDict:function(e){for(var n in e)Object.prototype.hasOwnProperty.call(e,n)
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 29 3b 76 61 72 20 73 3d 5a 65 2e 69 6e 64 65 78 4f 66 28 65 2e 63 68 61 72 41 74 28 74 2b 2b 29 29 2c 75 3d 61 3c 3c 31 38 7c 63 3c 3c 31 32 7c 72 3c 3c 36 7c 73 3b 61 3d 75 3e 3e 31 36 26 32 35 35 2c 63 3d 75 3e 3e 38 26 32 35 35 2c 75 26 3d 32 35 35 2c 69 5b 6f 2b 2b 5d 3d 36 34 3d 3d 3d 72 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 61 29 3a 36 34 3d 3d 3d 73 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 61 2c 63 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 61 2c 63 2c 75 29 7d 77 68 69 6c 65 28 74 3c 65 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 20 72 3d 69 2e 6a 6f 69 6e 28 22 22 29 2c 6e 3d 72 2e 72 65 70 6c 61 63 65 28 2f 5c 30 2b 24 2f 2c 22 22 29 2c 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 Data Ascii: );var s=Ze.indexOf(e.charAt(t++)),u=a<<18\|c<<12\|r<<6\|s;a=u>>16&255,c=u>>8&255,u&=255,i[o++]=64===r?String.fromCharCode(a):64===s?String.fromCharCode(a,c):String.fromCharCode(a,c,u)}while(t<e.length);return r=i.join(""),n=r.replace(/\0+$/,""),decodeURIComp
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 65 29 21 3d 3d 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 7d 29 29 3a 76 28 74 29 26 26 28 65 3d 65 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 21 3d 3d 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 7d 29 29 29 7d 2c 72 3d 30 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 6f 28 74 5b 72 5d 29 7d 2c 67 65 74 41 70 70 6c 69 63 61 62 6c 65 43 6f 6e 74 65 78 74 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 65 3a 7b 66 6f 72 28 76 61 72 20 6f 3d 30 2c 72 3d 74 2e 67 65 74 4a 73 6f 6e 28 29 3b 6f 3c 72 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 7b 76 61 72 20 69 3d 72 5b 6f 5d 3b 69 66 28 22 75 65 5f 70 78 22 3d 3d 3d 69 2e 6b 65 79 49 66 45 6e 63 6f 64 65 64 26 26 22 Data Ascii: e)!==JSON.stringify(t)})):v(t)&&(e=e.filter((function(e){return JSON.stringify(e)!==JSON.stringify(t)})))},r=0;r<t.length;r++)o(t[r])},getApplicableContexts:function(t){e:{for(var o=0,r=t.getJson();o<r.length;o++){var i=r[o];if("ue_px"===i.keyIfEncoded&&"
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 65 6e 67 74 68 29 26 26 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 22 2a 22 3d 3d 3d 65 5b 30 5d 7c 7c 22 2a 22 3d 3d 3d 65 5b 31 5d 29 72 65 74 75 72 6e 21 31 3b 69 66 28 30 3c 65 2e 73 6c 69 63 65 28 32 29 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 6e 3d 21 31 2c 74 3d 30 3b 66 6f 72 28 65 3d 65 2e 73 6c 69 63 65 28 32 29 3b 74 3c 65 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 69 66 28 22 2a 22 3d 3d 3d 65 5b 74 5d 29 6e 3d 21 30 3b 65 6c 73 65 20 69 66 28 6e 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 20 32 3d 3d 65 2e 6c 65 6e 67 74 68 7d 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 65 29 7b 69 66 28 6e 75 6c 6c 21 3d 3d 28 65 3d 2f 5e 69 67 6c 75 3a 28 28 3f 3a 28 3f 3a 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 5f 5d 2b 7c 5c 2a 29 2e 29 Data Ascii: ength)&&function(e){if(""===e[0]\|\|""===e[1])return!1;if(0<e.slice(2).length){var n=!1,t=0;for(e=e.slice(2);t<e.length;t++)if(""===e[t])n=!0;else if(n)return!1;return!0}return 2==e.length}(e)}function u(e){if(null!==(e=/^iglu:((?:(?:[a-zA-Z0-9-_]+\|\).)
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 7c 68 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 77 28 65 2c 6e 29 7b 69 66 28 21 6c 28 65 29 29 72 65 74 75 72 6e 21 31 3b 69 66 28 65 3d 75 28 65 29 2c 6e 3d 6e 75 6c 6c 21 3d 3d 28 6e 3d 2f 5e 69 67 6c 75 3a 28 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 5f 2e 5d 2b 29 5c 2f 28 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 5f 5d 2b 29 5c 2f 6a 73 6f 6e 73 63 68 65 6d 61 5c 2f 28 5b 31 2d 39 5d 5b 30 2d 39 5d 2a 29 2d 28 30 7c 5b 31 2d 39 5d 5b 30 2d 39 5d 2a 29 2d 28 30 7c 5b 31 2d 39 5d 5b 30 2d 39 5d 2a 29 24 2f 2e 65 78 65 63 28 6e 29 29 3f 6e 2e 73 6c 69 63 65 28 31 2c 36 29 3a 76 6f 69 64 20 30 2c 65 26 26 6e 29 7b 69 66 28 21 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 6e 3d 6e 2e 73 70 6c 69 74 28 22 2e 22 29 2c 65 3d 65 2e 73 70 6c 69 74 28 22 2e 22 29 2c 6e 26 26 Data Ascii: \|h(e)}function w(e,n){if(!l(e))return!1;if(e=u(e),n=null!==(n=/^iglu:([a-zA-Z0-9-_.]+)\/([a-zA-Z0-9-_]+)\/jsonschema\/([1-9][0-9])-(0\|[1-9][0-9])-(0\|[1-9][0-9]*)$/.exec(n))?n.slice(1,6):void 0,e&&n){if(!function(e,n){if(n=n.split("."),e=e.split("."),n&&
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 65 73 73 6f 72 28 6f 28 6c 29 29 2c 65 2e 61 64 64 28 22 65 69 64 22 2c 51 65 2e 76 34 28 29 29 2c 65 2e 61 64 64 44 69 63 74 28 64 29 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 7b 74 79 70 65 3a 22 64 74 6d 22 2c 76 61 6c 75 65 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 3a 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 3f 7b 74 79 70 65 3a 22 64 74 6d 22 2c 76 61 6c 75 65 3a 65 7d 3a 22 74 74 6d 22 3d 3d 3d 65 2e 74 79 70 65 3f 7b 74 79 70 65 3a 22 74 74 6d 22 2c 76 61 6c 75 65 3a 65 2e 76 61 6c 75 65 7d 3a 7b 74 79 70 65 3a 22 64 74 6d 22 2c 76 61 6c 75 65 3a 65 2e 76 61 6c 75 65 7c 7c 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 7d 28 74 29 2c 65 2e 61 64 64 Data Ascii: essor(o(l)),e.add("eid",Qe.v4()),e.addDict(d),t=function(e){return null==e?{type:"dtm",value:(new Date).getTime()}:"number"==typeof e?{type:"dtm",value:e}:"ttm"===e.type?{type:"ttm",value:e.value}:{type:"dtm",value:e.value\|\|(new Date).getTime()}}(t),e.add
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 64 2e 63 64 3d 65 7d 2c 73 65 74 54 69 6d 65 7a 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 74 7a 3d 65 7d 2c 73 65 74 4c 61 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 6c 61 6e 67 3d 65 7d 2c 73 65 74 49 70 41 64 64 72 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 69 70 3d 65 7d 2c 73 65 74 55 73 65 72 61 67 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 75 61 3d 65 7d 2c 61 64 64 47 6c 6f 62 61 6c 43 6f 6e 74 65 78 74 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 75 2e 61 64 64 47 6c 6f 62 61 6c 43 6f 6e 74 65 78 74 73 28 65 29 7d 2c 63 6c 65 61 72 47 6c 6f 62 61 6c 43 6f 6e 74 65 78 74 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 75 2e 63 6c 65 61 72 47 6c 6f 62 61 6c 43 6f 6e 74 65 78 74 73 28 29 7d 2c 72 65 6d 6f 76 65 47 6c 6f Data Ascii: d.cd=e},setTimezone:function(e){d.tz=e},setLang:function(e){d.lang=e},setIpAddress:function(e){d.ip=e},setUseragent:function(e){d.ua=e},addGlobalContexts:function(e){u.addGlobalContexts(e)},clearGlobalContexts:function(){u.clearGlobalContexts()},removeGlo
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 65 29 7b 74 72 79 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 3b 72 65 74 75 72 6e 20 6e 2e 72 65 6d 6f 76 65 49 74 65 6d 28 65 29 2c 6e 2e 72 65 6d 6f 76 65 49 74 65 6d 28 65 2b 22 2e 65 78 70 69 72 65 73 22 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 28 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 78 28 65 29 7b 72 65 74 75 72 6e 20 62 74 6f 61 28 65 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2b 2f 67 2c 22 2d 22 29 2e 72 65 70 6c 61 63 65 28 2f 5c Data Ascii: ){return!1}}function O(e){try{var n=window.localStorage;return n.removeItem(e),n.removeItem(e+".expires"),!0}catch(e){return!1}}function I(e){try{return window.sessionStorage.getItem(e)}catch(e){}}function x(e){return btoa(e).replace(/\+/g,"-").replace(/\
2024-09-20 12:29:12 UTC	1369	IN	Data Raw: 43 6f 6d 70 6f 6e 65 6e 74 28 6e 75 6c 6c 21 3d 6e 3f 6e 3a 22 22 29 2b 28 74 3f 22 3b 20 45 78 70 69 72 65 73 3d 22 2b 6e 65 77 20 44 61 74 65 28 2b 6e 65 77 20 44 61 74 65 2b 31 65 33 2a 74 29 2e 74 6f 55 54 43 53 74 72 69 6e 67 28 29 3a 22 22 29 2b 28 6f 3f 22 3b 20 50 61 74 68 3d 22 2b 6f 3a 22 22 29 2b 28 72 3f 22 3b 20 44 6f 6d 61 69 6e 3d 22 2b 72 3a 22 22 29 2b 28 69 3f 22 3b 20 53 61 6d 65 53 69 74 65 3d 22 2b 69 3a 22 22 29 2b 28 61 3f 22 3b 20 53 65 63 75 72 65 22 3a 22 22 29 3a 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 28 28 22 3b 20 22 2b 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 29 2e 73 70 6c 69 74 28 22 3b 20 22 2b 65 2b 22 3d 22 29 5b 31 5d 7c 7c 22 22 29 2e 73 70 6c 69 74 28 22 3b 22 29 5b 30 5d 29 7d 66 75 6e 63 74 69 Data Ascii: Component(null!=n?n:"")+(t?"; Expires="+new Date(+new Date+1e3*t).toUTCString():"")+(o?"; Path="+o:"")+(r?"; Domain="+r:"")+(i?"; SameSite="+i:"")+(a?"; Secure":""):decodeURIComponent((("; "+document.cookie).split("; "+e+"=")[1]\|\|"").split(";")[0])}functi