Submitted URL: https://feldenkrais.hr/
Effective URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-con...
Submission: On November 05 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 1 countries across 11 domains to perform 28 HTTP transactions. The main IP is 2606:4700:3032::6815:2e06, located in and belongs to . The main domain is www.troyhunt.com.
TLS certificate: Issued by E1 on October 30th 2023. Valid for: 3 months.
This is the only time www.troyhunt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... ()
28 4
Apex Domain
Subdomains
Transfer
4 feldenkrais.hr
feldenkrais.hr
66 KB
2 troyhunt.com
www.troyhunt.com
21 KB
1 coinhive.com
coinhive.com — Cisco Umbrella Rank: 810921
2 KB
1 coin-hive.com
coin-hive.com
429 B
0 report-uri.com Failed
troyhunt.report-uri.com Failed
0 twitter.com Failed
platform.twitter.com Failed
0 googletagmanager.com Failed
www.googletagmanager.com Failed
0 jsdelivr.net Failed
cdn.jsdelivr.net Failed
0 cloudflare.com Failed
cdnjs.cloudflare.com Failed
0 googleapis.com Failed
fonts.googleapis.com Failed
0 creator-idea.com Failed
creator-idea.com Failed
28 11
Domain Requested by
4 feldenkrais.hr feldenkrais.hr
2 www.troyhunt.com 1 redirects coin-hive.com
www.troyhunt.com
1 coinhive.com feldenkrais.hr
1 coin-hive.com 1 redirects
0 troyhunt.report-uri.com Failed feldenkrais.hr
0 platform.twitter.com Failed www.troyhunt.com
0 www.googletagmanager.com Failed www.troyhunt.com
0 cdn.jsdelivr.net Failed www.troyhunt.com
0 cdnjs.cloudflare.com Failed www.troyhunt.com
0 fonts.googleapis.com Failed feldenkrais.hr
www.troyhunt.com
0 creator-idea.com Failed feldenkrais.hr
28 11

This site contains links to these domains.

Domain
wordpress.org
wplook.com
www.troyhunt.com
Subject | Issuer | Validity | Valid
feldenkrais.hr | GTS CA 1P5 | 2023-09-12 - 2023-12-11 | 3 months
troyhunt.com | E1 | 2023-10-30 - 2024-01-28 | 3 months

This page contains 1 frames:

Primary Page: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Frame ID: BA71BC39FF376DE709DA0DFD8F5E294C
Requests: 28 HTTP requests in this frame

Page Title

Feldenkrais metoda - Feldenkrais somatsko učenje

Page URL History

  1. https://feldenkrais.hr/ Page URL
  2. https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-... HTTP 301
    https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • coinhive\.com/lib

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

  • Requests: 28
  • HTTPS: 18 %
  • IPv6: 100 %
  • Domains: 11
  • Subdomains: 11
  • IPs: 4
  • Countries: 1
  • Transfer: 87 kB
  • Size: 137 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://feldenkrais.hr/ Page URL
  2. https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies HTTP 301
    https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://coin-hive.com/lib/coinhive.min.js HTTP 301
  • https://coinhive.com/lib/coinhive.min.js

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
feldenkrais.hr/
14 KB
5 KB
Document
General
Full URL
https://feldenkrais.hr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5cfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c34847f33aaa91eab5891cd2b679a4b3be35741854e4d9581bc9ddaa55997c6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82125a5999d55c78-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 05 Nov 2023 04:28:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FAjfQVjhHqAptT%2FM5yUON5g%2FL5AHNCh1DEqABABuTYNdD2dYqXeiIRbgsop564BsRvRWFP%2FbD%2BCU%2FYGyo9Vj18ZEaFZcD5DOFMvN0VZfrFPkbC5prBHAIQP14Z7D2Hjb3fo%2FFjDsFSfhRE%2B3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
coinhive.min.js
coinhive.com/lib/
Redirect Chain
  • https://coin-hive.com/lib/coinhive.min.js
  • https://coinhive.com/lib/coinhive.min.js
2 KB
2 KB
Script
General
Full URL
https://coinhive.com/lib/coinhive.min.js
Requested by
Host: feldenkrais.hr
URL: https://feldenkrais.hr/
Protocol
H2
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
39f7a131d7976b1cbbf08c89727ba5c1b5c384152ed65bc83198bca315be5a88

Request headers

accept-language
en-US,en;q=0.9
Referer
https://feldenkrais.hr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 04:28:58 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Tue, 02 Nov 2021 00:44:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"806233d282cfd71:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPqzYhNJGB%2B%2FiL%2FDRg7u1UhtAwQc1Q%2BOfB3grp%2BbrAruruourh6rIJXYlbshiMVbs%2BhQd9lHF6St3sNuBV%2B9bChZdAWqAGX9TGc%2Ba5uRzsdByOmstHgnBht7cOKbYQlSoj73LkmvPFOe5Pg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cf-ray
82125a5ea93a334d-MIA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 05 Nov 2023 04:28:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QXrFX6PgBZSvnQ1sr41sGEcQGviycTv3yqUz1vjYY8fmopmndi7dbXX1RtYi%2F9E9rOLkfahm%2FqfuGI1huWLaCt2%2FJ5497AtZuC%2BbSlxfHtdZXL6ikGK%2BI1eMrBb%2FZR32LUOMNi3n5qVEDJTa"}],"group":"cf-nel","max_age":604800}
location
https://coinhive.com/lib/coinhive.min.js
cf-ray
82125a5dce5a2589-MIA
alt-svc
h3=":443"; ma=86400
content-length
0
cropped-concave.jpg
feldenkrais.hr/wp-content/uploads/2013/08/
60 KB
60 KB
Image
General
Full URL
https://feldenkrais.hr/wp-content/uploads/2013/08/cropped-concave.jpg
Requested by
Host: feldenkrais.hr
URL: https://feldenkrais.hr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5cfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e6bd5120d1bef304a34097fcf2d0a04d6678dd2b7e21c0c6c246c163eccaf5f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://feldenkrais.hr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 04:28:58 GMT
cf-cache-status
MISS
last-modified
Thu, 15 Aug 2013 12:51:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ch0649Ah3f5vC5fkMM0dgXjc%2FwUrWhXiyyCeeDIBl2rPI6%2FUKACo6AxOQ9OwbqBGkYghWUWCkGk3oK4Z%2FRlh4UadXFuqNioIUBOCUs6TKi%2FKPRFt3c1GYle93pHd%2Bcay1Hop9BYkOjirPoUhnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
82125a5d6f805c78-MIA
alt-svc
h3=":443"; ma=86400
content-length
60978
top.png
feldenkrais.hr/wp-content/themes/blogolife-pro/images/
153 B
536 B
Image
General
Full URL
https://feldenkrais.hr/wp-content/themes/blogolife-pro/images/top.png
Requested by
Host: feldenkrais.hr
URL: https://feldenkrais.hr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5cfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b7180881a7b584b56ca2bd27f3cb62bfa8a7f5f615a0c7f0e5d8de3c94c5887

Request headers

accept-language
en-US,en;q=0.9
Referer
https://feldenkrais.hr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 04:28:58 GMT
cf-cache-status
MISS
last-modified
Sun, 21 Jul 2013 21:45:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3ez7qM%2Bgu2igQ4cR%2BAYgRLautT51CvjtUMp%2BwO%2Fft5Yw6JABM5tLZ1Pifvju0t%2F7yhdQu85qRfCVKIgRHQtfeBm0CDMWbAyyXKOSlkdrz%2B7rXFJPsbzF4ZM%2FXclEiXtYY4513pYNuq9LrbzOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
82125a5dcffb5c78-MIA
alt-svc
h3=":443"; ma=86400
content-length
153
mnr.js
creator-idea.com/
0
0

style.css
feldenkrais.hr/wp-content/themes/blogolife-pro/
0
0

style.css
feldenkrais.hr/wp-content/themes/blogolife-pro/images/orange/
0
0

css
fonts.googleapis.com/
0
0

tabs.css
feldenkrais.hr/wp-content/themes/blogolife-pro/
0
0

comment-reply.min.js
feldenkrais.hr/wp-includes/js/
0
0

jquery.js
feldenkrais.hr/wp-includes/js/jquery/
0
0

jquery-migrate.min.js
feldenkrais.hr/wp-includes/js/jquery/
0
0

tabs.js
feldenkrais.hr/wp-content/themes/blogolife-pro/js/
0
0

base.js
feldenkrais.hr/wp-content/themes/blogolife-pro/js/
0
0

bg.png
feldenkrais.hr/wp-content/themes/blogolife-pro/images/
136 B
620 B
Image
General
Full URL
https://feldenkrais.hr/wp-content/themes/blogolife-pro/images/bg.png
Requested by
Host: feldenkrais.hr
URL: https://feldenkrais.hr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:5cfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194c9f7f97231dd60201d7a60b9028338259edbfdc9cd32bd899941e4c6ab608

Request headers

accept-language
en-US,en;q=0.9
Referer
https://feldenkrais.hr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 04:28:58 GMT
cf-cache-status
MISS
last-modified
Sun, 21 Jul 2013 21:45:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=av2HjItY3RFRIvCn4zGJJo5%2BwUKWCU5ODN8wWXEblscWoYpZhQimocUzARHDUCxJYPa3Gy1o0uKQF3fTok8QmC7YvpZ8mFVpY7wLl2kdCGDS8N9mFCNhwKtfiSNtL6fIgCPe3ssSeK1z5I%2F89Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
82125a61286a2884-MIA
alt-svc
h3=":443"; ma=86400
content-length
136
Primary Request /
www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Redirect Chain
  • https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies
  • https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
61 KB
20 KB
Document
General
Full URL
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Requested by
Host: coin-hive.com
URL: https://coin-hive.com/lib/coinhive.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:2e06 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
1b8c3922049f644d4278892e63f33d05e443292a11fdec0ffd516a85621befb0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://feldenkrais.hr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=14400
cf-cache-status
REVALIDATED
cf-ray
82125a836b183341-MIA
content-encoding
br
content-security-policy
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
content-type
text/html; charset=utf-8
date
Sun, 05 Nov 2023 04:29:03 GMT
expect-ct
max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
nel
{"report_to":"default","max_age":10886400}
referrer-policy
no-referrer-when-downgrade
report-to
{"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server
cloudflare
status
200 OK
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
16, 1
x-content-type-options
nosniff
x-request-id
8aae14d4-84ac-4201-a998-e045a306ee50 8aae14d4-84ac-4201-a998-e045a306ee50
x-served-by
cache-ams12757-AMS, cache-mia-kmia1760031-MIA
x-timer
S1698926829.618038,VS0,VE1
x-xss-protection
1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Redirect headers

age
370874
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=31536000
cf-cache-status
HIT
cf-ray
82125a831a953341-MIA
content-length
0
content-security-policy
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
date
Sun, 05 Nov 2023 04:29:03 GMT
expect-ct
max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
location
/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
nel
{"report_to":"default","max_age":10886400}
referrer-policy
no-referrer-when-downgrade
report-to
{"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server
cloudflare
status
301 Moved Permanently
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
2, 1
x-content-type-options
nosniff
x-request-id
09416e82-252a-490a-b86a-9f83f07b574b 09416e82-252a-490a-b86a-9f83f07b574b
x-served-by
cache-ams12736-AMS, cache-mia-kmia1760070-MIA
x-timer
S1698787670.939701,VS0,VE1
x-xss-protection
1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce
main.min.css
www.troyhunt.com/assets/css/
0
0

css
fonts.googleapis.com/
0
0

font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
0
0

portal.min.js
cdn.jsdelivr.net/ghost/portal@~2.36/umd/
0
0

sodo-search.min.js
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/
0
0

cards.min.js
www.troyhunt.com/public/
0
0

cards.min.css
www.troyhunt.com/public/
0
0

member-attribution.min.js
www.troyhunt.com/public/
0
0

js
www.googletagmanager.com/gtag/
0
0

widgets.js
platform.twitter.com/
0
0

Logo-2.svg
www.troyhunt.com/content/images/2017/11/
0
0

enforce
troyhunt.report-uri.com/r/d/csp/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.


1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Domain/Path Name / Value
.coinhive.com/ Name: ARRAffinitySameSite
Value: 80300b2e49e2aff0f1986546d147781a84bbe5daec36d0459a38ea506b3f49b2

16 Console Messages

Source Level URL
Text
security warning URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure element 'http://feldenkrais.hr/wp-content/uploads/2013/08/cropped-concave.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure element 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/images/top.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://creator-idea.com/mnr.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/(Line 11)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure stylesheet 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/style.css'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/(Line 27)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure stylesheet 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/images/orange/style.css?ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/(Line 28)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald&v2&ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/(Line 29)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure stylesheet 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/tabs.css?ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://feldenkrais.hr/wp-includes/js/comment-reply.min.js?ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://feldenkrais.hr/wp-includes/js/jquery/jquery.js?ver=1.10.2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://feldenkrais.hr/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://feldenkrais.hr/(Line 166)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure element 'http://feldenkrais.hr/wp-content/uploads/2013/08/cropped-concave.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://feldenkrais.hr/(Line 166)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure element 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/images/top.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/js/tabs.js?ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://feldenkrais.hr/
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure script 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/js/base.js?ver=3.8.39'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://feldenkrais.hr/(Line 169)
Message:
Mixed Content: The page at 'https://feldenkrais.hr/' was loaded over HTTPS, but requested an insecure element 'http://feldenkrais.hr/wp-content/themes/blogolife-pro/images/bg.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.