0day.work Open in urlscan Pro
148.251.132.242 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://0day.work/parsing-the-ds_store-file-format/
Submission: On March 28 via manual (March 28th 2023, 5:37:52 pm UTC) from US — Scanned from DE

Summary HTTP 26 Redirects Links 15 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 26 HTTP transactions. The main IP is 148.251.132.242, located in Germany and belongs to HETZNER-AS, DE. The main domain is 0day.work.
TLS certificate: Issued by R3 on March 11th 2023. Valid for: 3 months.

This is the only time 0day.work was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
26	148.251.132.242 148.251.132.242		24940 (HETZNER-AS) (HETZNER-AS)
26	1

26 148.251.132.242 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.132.251.148.clients.your-server.de

0day.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
piwik.neef.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	0day.work 0day.work	912 KB
1	neef.it piwik.neef.it
26	2

	Domain	Requested by
25	0day.work	0day.work
1	piwik.neef.it	0day.work
26	2

This site contains links to these domains. Also see Links.

Domain
it-solutions-neef.de
twitter.com
github.com
en.wikipedia.org
wiki.mozilla.org
search.cpan.org
digi.ninja
labs.internetwache.org
internetwache.org
en.internetwache.org
www.mbejda.com
ghost.org

Subject Issuer	Validity	Valid
0day.work R3	`2023-03-11` - `2023-06-09`	3 months	crt.sh
piwik.neef.it R3	`2023-01-28` - `2023-04-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://0day.work/parsing-the-ds_store-file-format/
Frame ID: 1AEFE7A95E43797EA2D6E681AFDFDFD8
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Parsing the .DS_Store file format | Sebastian Neef - 0day.work

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

912 kB
Transfer

1189 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://it-solutions-neef.de/datenschutz.html
Title: Mehr erfahren

Search URL Search Domain Scan URL

URL: https://twitter.com/0daywork
Title: @0daywork

Search URL Search Domain Scan URL

URL: https://twitter.com/gehaxelt
Title: @gehaxelt

Search URL Search Domain Scan URL

URL: https://it-solutions-neef.de/impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://github.com/gehaxelt/ds_store
Title: GitHub: Gehaxelt - Go DS_Store

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/.DS_Store
Title: all files (and also directories) in that folder

Search URL Search Domain Scan URL

URL: https://wiki.mozilla.org/DS_Store_File_Format
Title: https://wiki.mozilla.org/DS_Store_File_Format

Search URL Search Domain Scan URL

URL: http://search.cpan.org/~wiml/Mac-Finder-DSStore/DSStoreFormat.pod
Title: http://search.cpan.org/~wiml/Mac-Finder-DSStore/DSStoreFormat.pod

Search URL Search Domain Scan URL

URL: https://digi.ninja/projects/fdb.php
Title: https://digi.ninja/projects/fdb.php

Search URL Search Domain Scan URL

URL: https://github.com/gehaxelt/Python-dsstore
Title: Python version @ GitHub

Search URL Search Domain Scan URL

URL: https://labs.internetwache.org/ds_store/
Title: Online .DS_Store parser

Search URL Search Domain Scan URL

URL: https://internetwache.org/
Title: Internetwache.org

Search URL Search Domain Scan URL

URL: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/
Title: internetwache.org's english blog

Search URL Search Domain Scan URL

URL: https://www.mbejda.com/
Title: Milos Bejda

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 0day.work/parsing-the-ds_store-file-format/	30 KB 10 KB	215ms 57ms	Document text/html	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `bd244e58afec1bbb6f0429ca774405011a53761ad9eccb99235987d1fff1111c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control public, max-age=0 content-encoding gzip content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 17:37:47 GMT etag W/"7688-HoqYCL49ccehNS/50HiDhMaTsSU" server nginx vary Accept-Encoding x-powered-by Express
GET H2	200	bootstrap.min.css 0day.work/assets/css/	111 KB 19 KB	63ms 61ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/bootstrap.min.css?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `dc316bc631ec12ef6ddac144e571811d400d4f5c37988f3377d23f79be8a54da` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"1bc43-15e1e047068" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	monokai_sublime.css 0day.work/assets/css/	2 KB 1 KB	63ms 62ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/monokai_sublime.css?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `f6b612c54d2b6565e5ffda3c63bf3458c7ccfa50a3f25951444034fbdad015c7` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"8fb-15e1e047068" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	default.css 0day.work/assets/css/	2 KB 1015 B	63ms 61ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/default.css?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `320106cb71abe93863e68b69c682eb199de3caef40dc6adc9187639ad4076a98` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"892-15e1e047068" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	elusive-icons.min.css 0day.work/assets/css/	14 KB 3 KB	64ms 62ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/elusive-icons.min.css?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `0f48655999a70bc8797ff87c331fbc2c9111eb0f49869a0d6065222b98ce7ed3` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"3716-15e1e047068" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	cookieconsent.min.css 0day.work/assets/css/	4 KB 1 KB	63ms 62ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/cookieconsent.min.css?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `917deb54b8880710fc47abd93232c093cb473608eb454cbffe19d7f218c761a9` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Tue, 22 May 2018 23:11:36 GMT server nginx x-powered-by Express etag W/"f63-1638a1f4840" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	jquery.fancybox.min.css 0day.work/assets/css/	14 KB 3 KB	64ms 62ms	Stylesheet text/css	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/css/jquery.fancybox.min.css Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `e72ac4dd95f7f11db42ea03fd4cbe1dca1c9586d47245e36aad66546d1864601` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sun, 28 Oct 2018 17:17:01 GMT server nginx x-powered-by Express etag W/"3611-166bbadcac8" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	jquery.js Show response 0day.work/assets/js/	83 KB 30 KB	64ms 63ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/jquery.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `a294fb8bca0e3cd0eb2e1b0cb2c7dbb9c939098c8ef8ba572e16e6d7a6752814` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"14a8d-15e1e047068" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	cookieconsent.min.js Show response 0day.work/assets/js/	19 KB 7 KB	64ms 63ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/cookieconsent.min.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Tue, 22 May 2018 23:11:48 GMT server nginx x-powered-by Express etag W/"4d5b-1638a1f7720" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	cookies.js Show response 0day.work/assets/js/	521 B 741 B	55ms 54ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/cookies.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `0351f0ba2ddd38b679170cdad9e75fff8cd1b338b25c718a103ea4729afde033` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Tue, 22 May 2018 23:11:53 GMT server nginx x-powered-by Express etag W/"209-1638a1f8aa8" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes content-length 521
GET H2	200	highlight.pack.js Show response 0day.work/assets/js/	41 KB 17 KB	105ms 104ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/highlight.pack.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `d02e99a80d42eb1d1951957d23e71fe144d4a5309ea370e4f71de97e089e1fc8` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"a5cf-15e1e047068" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	0day-1.png 0day.work/content/images/2016/01/	10 KB 11 KB	52ms 50ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2016/01/0day-1.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `10962e060a57a1c37639056fe53447eedef5b296c6cc83edd90197ad5b101c82` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Sat, 10 Sep 2016 11:08:52 GMT server nginx x-powered-by Express etag W/"2964-15713c925a0" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 10596
GET H2	200	dsstore_header.png 0day.work/content/images/2018/03/	73 KB 74 KB	53ms 52ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_header.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `740ad21726d0b425ee2dce8dc3df409a9f79471db13d1acb4ab09d3c07fc03b7` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Tue, 06 Mar 2018 22:35:20 GMT server nginx x-powered-by Express etag W/"125d9-161fd746840" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 75225
GET H2	200	rootnode.png 0day.work/content/images/2018/03/	9 KB 9 KB	52ms 51ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/rootnode.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `7d53958b7da0a8081409fef6b713c686958cd57c89247ea3db089dfc533d81c3` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Tue, 06 Mar 2018 22:47:43 GMT server nginx x-powered-by Express etag W/"24a2-161fd7fbe98" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 9378
GET H2	200	dsstore_offsets-1.png 0day.work/content/images/2018/03/	52 KB 52 KB	53ms 52ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_offsets-1.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `cc087b7f361812ef3a31e7b518f47af11dddb350821f3b3fd01a5207996f769c` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Thu, 08 Mar 2018 20:05:12 GMT server nginx x-powered-by Express etag W/"cfb7-1620737acc0" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 53175
GET H2	200	dsstore_toc.png 0day.work/content/images/2018/03/	37 KB 38 KB	54ms 53ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_toc.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `144b935366bb2d26a0cfc57c3b90b4e6c838ba84a37c2b338913b6174dd7b879` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Tue, 06 Mar 2018 22:52:42 GMT server nginx x-powered-by Express etag W/"951a-161fd844e90" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 38170
GET H2	200	dsstore_freelist.png 0day.work/content/images/2018/03/	215 KB 215 KB	54ms 53ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_freelist.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `daafe9ccf82bb343a5eb06db1133b8d1671421f2dded54cc45cb84928b31766c` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Tue, 06 Mar 2018 22:53:09 GMT server nginx x-powered-by Express etag W/"35a1e-161fd84b808" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 219678
GET H2	200	dsstore_rootblock.png 0day.work/content/images/2018/03/	31 KB 31 KB	54ms 53ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_rootblock.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `cdd25ae9204ed4dc587aecc1b9d9b036ac30033d30dd9768591685416c0f248b` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Thu, 08 Mar 2018 21:42:58 GMT server nginx x-powered-by Express etag W/"7a2b-16207912ed0" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 31275
GET H2	200	dsstore_block.png 0day.work/content/images/2018/03/	289 KB 289 KB	59ms 58ms	Image image/png	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://0day.work/content/images/2018/03/dsstore_block.png Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `67248afc03b35828e40c227877de9d4e1fdd86b8ede9848e157a0caf79f6bc87` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Thu, 08 Mar 2018 22:28:58 GMT server nginx x-powered-by Express etag W/"483ce-16207bb4c10" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 295886
GET H2	200	jquery.fancybox.min.js Show response 0day.work/assets/js/	66 KB 22 KB	45ms 45ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/jquery.fancybox.min.js?v=1 Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `50b476aa512ee968a0258e3142c0ec25e5bbe9ef6d104d845a39ca110fb42fc4` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sun, 28 Oct 2018 16:58:13 GMT server nginx x-powered-by Express etag W/"10929-166bb9c9488" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	fancybox.js Show response 0day.work/assets/js/	630 B 850 B	41ms 41ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/fancybox.js?v=1 Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `fe38d4f12095ee34c4afdd384cf7b38e9c70b23e3507aabc7ee8bd0a7d5ba855` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Sun, 28 Oct 2018 17:16:32 GMT server nginx x-powered-by Express etag W/"276-166bbad5980" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes content-length 630
GET H2	200	modernizr.js Show response 0day.work/assets/js/	11 KB 5 KB	60ms 58ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/modernizr.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `1991b47b0dd898fb6b0affa24c03ee7bfed27796bd0959f54de929b89512afe6` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"2bfe-15e1e047068" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	index.js Show response 0day.work/assets/js/	3 KB 1 KB	60ms 59ms	Script application/javascript	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/js/index.js?v=e3077ced8f Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `3638fc8548aa9fb16254bc33aff6a27d3cc6ec838a8a323480b333f2a9a212c0` Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT content-encoding gzip last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"c65-15e1e047068" vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes
GET H2	200	apexnew-book-webfont.woff 0day.work/assets/fonts/	24 KB 24 KB	90ms 90ms	Font font/woff	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/fonts/apexnew-book-webfont.woff Requested by Host: 0day.work URL: https://0day.work/assets/css/default.css?v=e3077ced8f Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `7cf07b57c1f5a693766cecaf64874f9b2d432c61686c064bab3b172d2be1fe17` Request headers Referer https://0day.work/assets/css/default.css?v=e3077ced8f Origin https://0day.work accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"5e00-15e1e047068" vary Origin content-type font/woff access-control-allow-origin https://0day.work cache-control public, max-age=31536000 access-control-allow-credentials true accept-ranges bytes content-length 24064
GET H2	200	elusiveicons-webfont.woff 0day.work/assets/fonts/	48 KB 48 KB	91ms 91ms	Font font/woff	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://0day.work/assets/fonts/elusiveicons-webfont.woff?v=2.0.0 Requested by Host: 0day.work URL: https://0day.work/assets/css/elusive-icons.min.css?v=e3077ced8f Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software nginx / Express Resource Hash `91ae80f6f7052ffca5f547838af6d98e13939d6858f8a57c2ace77499697fd62` Request headers Referer https://0day.work/assets/css/elusive-icons.min.css?v=e3077ced8f Origin https://0day.work accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 17:37:47 GMT last-modified Sat, 26 Aug 2017 10:09:21 GMT server nginx x-powered-by Express etag W/"beac-15e1e047068" vary Origin content-type font/woff access-control-allow-origin https://0day.work cache-control public, max-age=31536000 access-control-allow-credentials true accept-ranges bytes content-length 48812
GET H2	502	piwik.js piwik.neef.it/	0 0	205ms 40ms	Script text/html	148.251.132.242 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://piwik.neef.it/piwik.js Requested by Host: 0day.work URL: https://0day.work/parsing-the-ds_store-file-format/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 148.251.132.242 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.242.132.251.148.clients.your-server.de Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://0day.work/parsing-the-ds_store-file-format/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery object| cookieconsent object| hljs function| aTagWrap object| _paq object| html5 object| Modernizr

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://piwik.neef.it/piwik.js Message: Failed to load resource: the server responded with a status of 502 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0day.work
piwik.neef.it
148.251.132.242
0351f0ba2ddd38b679170cdad9e75fff8cd1b338b25c718a103ea4729afde033
0f48655999a70bc8797ff87c331fbc2c9111eb0f49869a0d6065222b98ce7ed3
10962e060a57a1c37639056fe53447eedef5b296c6cc83edd90197ad5b101c82
144b935366bb2d26a0cfc57c3b90b4e6c838ba84a37c2b338913b6174dd7b879
1991b47b0dd898fb6b0affa24c03ee7bfed27796bd0959f54de929b89512afe6
320106cb71abe93863e68b69c682eb199de3caef40dc6adc9187639ad4076a98
3638fc8548aa9fb16254bc33aff6a27d3cc6ec838a8a323480b333f2a9a212c0
50b476aa512ee968a0258e3142c0ec25e5bbe9ef6d104d845a39ca110fb42fc4
67248afc03b35828e40c227877de9d4e1fdd86b8ede9848e157a0caf79f6bc87
740ad21726d0b425ee2dce8dc3df409a9f79471db13d1acb4ab09d3c07fc03b7
7cf07b57c1f5a693766cecaf64874f9b2d432c61686c064bab3b172d2be1fe17
7d53958b7da0a8081409fef6b713c686958cd57c89247ea3db089dfc533d81c3
917deb54b8880710fc47abd93232c093cb473608eb454cbffe19d7f218c761a9
91ae80f6f7052ffca5f547838af6d98e13939d6858f8a57c2ace77499697fd62
a294fb8bca0e3cd0eb2e1b0cb2c7dbb9c939098c8ef8ba572e16e6d7a6752814
bd244e58afec1bbb6f0429ca774405011a53761ad9eccb99235987d1fff1111c
cc087b7f361812ef3a31e7b518f47af11dddb350821f3b3fd01a5207996f769c
cdd25ae9204ed4dc587aecc1b9d9b036ac30033d30dd9768591685416c0f248b
d02e99a80d42eb1d1951957d23e71fe144d4a5309ea370e4f71de97e089e1fc8
daafe9ccf82bb343a5eb06db1133b8d1671421f2dded54cc45cb84928b31766c
dc316bc631ec12ef6ddac144e571811d400d4f5c37988f3377d23f79be8a54da
e72ac4dd95f7f11db42ea03fd4cbe1dca1c9586d47245e36aad66546d1864601
e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425
f6b612c54d2b6565e5ffda3c63bf3458c7ccfa50a3f25951444034fbdad015c7
fe38d4f12095ee34c4afdd384cf7b38e9c70b23e3507aabc7ee8bd0a7d5ba855