urlscan.io logo urlscan.io
SecurityTrails logo

blog.extremehacking.org Open in urlscan Pro
43.225.55.205  Public Scan

Go To Rescan Add Verdict Report
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Submission: On April 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 4 countries across 11 domains to perform 59 HTTP transactions. The main IP is 43.225.55.205, located in United Arab Emirates and belongs to PUBLIC-DOMAIN-REGISTRY, US. The main domain is blog.extremehacking.org.
This is the only time blog.extremehacking.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

20    43.225.55.205 (United Arab Emirates)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-in-6.webhostbox.net
blog.extremehacking.org
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
11    2600:9000:2182:8400:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
w.sharethis.com
ws.sharethis.com
1    141.94.130.128 (France)

ASN16276 (OVH, FR)
PTR: ns31442138.ip-141-94-130.eu
i.postimg.cc
8    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
apis.google.com
2    35.156.233.6 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-233-6.eu-central-1.compute.amazonaws.com
l.sharethis.com
5    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
ssl.gstatic.com
5    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
static.xx.fbcdn.net
1    2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:82a::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
3    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
20 extremehacking.org
blog.extremehacking.org
585 KB
13 sharethis.com
w.sharethis.com — Cisco Umbrella Rank: 17486
ws.sharethis.com — Cisco Umbrella Rank: 7491
l.sharethis.com — Cisco Umbrella Rank: 4215
94 KB
9 google.com
apis.google.com — Cisco Umbrella Rank: 91
www.google.com — Cisco Umbrella Rank: 2
accounts.google.com — Cisco Umbrella Rank: 70
135 KB
5 gstatic.com
fonts.gstatic.com
ssl.gstatic.com
151 KB
3 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 652
142 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
24 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 131
85 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
1 postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 20172
42 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 53
38 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 39
1 KB
59 11
Domain Requested by
20 blog.extremehacking.org blog.extremehacking.org
9 ws.sharethis.com w.sharethis.com
ws.sharethis.com
blog.extremehacking.org
6 apis.google.com ws.sharethis.com
apis.google.com
accounts.google.com
4 fonts.gstatic.com fonts.googleapis.com
3 static.xx.fbcdn.net www.facebook.com
3 www.facebook.com connect.facebook.net
blog.extremehacking.org
2 accounts.google.com apis.google.com
blog.extremehacking.org
2 connect.facebook.net blog.extremehacking.org
connect.facebook.net
2 l.sharethis.com w.sharethis.com
blog.extremehacking.org
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 w.sharethis.com 1 redirects blog.extremehacking.org
1 ssl.gstatic.com accounts.google.com
1 www.google.com apis.google.com
1 i.postimg.cc blog.extremehacking.org
1 www.googletagmanager.com blog.extremehacking.org
1 fonts.googleapis.com blog.extremehacking.org
59 16
Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
postimg.cc
R3		 2022-04-07 -
2022-07-06		 3 months crt.sh
sharethis.com
Amazon		 2021-07-19 -
2022-08-17		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-02-04 -
2022-05-05		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh

This page contains 6 frames:

Primary Page: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Frame ID: EFB5D1F0DEE8C50E6CEB9520DE2309BA
Requests: 43 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&count=false&origin=http%3A%2F%2Fblog.extremehacking.org&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Frame ID: E951208CA5E723EF8597FCD4776B0B65
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fblog.extremehacking.org&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Frame ID: 4E7355F386825EC4690A1C2057E9EC76
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/like.php?action=&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c44c89bf67638%26domain%3Dblog.extremehacking.org%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fblog.extremehacking.org%252Ff3bfa9d54c6e07c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false
Frame ID: 22F1C6018F7FB5303117E859C489F03F
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections=
Frame ID: 6649073CC7C88BF3A4053873FBDCE74F
Requests: 2 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure5x/index.html
Frame ID: 083AB428E0E3FD6630B6E14C0F333D7F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Powershell, the Gandcrab infection and the long-forgotten server -

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /revslider/[/\w-]+/js
Overall confidence: 100%
Detected patterns
  • w\.sharethis\.com/
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

59
Requests

54 %
HTTPS

75 %
IPv6

11
Domains

16
Subdomains

12
IPs

4
Countries

1319 kB
Transfer

3776 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • http://w.sharethis.com/button/buttons.js HTTP 301
  • https://w.sharethis.com/button/buttons.js
Request Chain 32
  • http://connect.facebook.net/en_US/sdk.js HTTP 307
  • https://connect.facebook.net/en_US/sdk.js
Request Chain 52
  • http://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections= HTTP 307
  • https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections=

59 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/ 		216 KB
58 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
nginx/1.17.6 /
Resource Hash
7b5c11bae820e9775ee778937cced456125ea6df362accbc5b55b538b51952c8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 27 Apr 2022 19:21:35 GMT
Link
<http://blog.extremehacking.org/wp-json/>; rel="https://api.w.org/", <http://blog.extremehacking.org/wp-json/wp/v2/posts/7404>; rel="alternate"; type="application/json", <http://blog.extremehacking.org/?p=7404>; rel=shortlink
Server
nginx/1.17.6
Transfer-Encoding
chunked
Vary
Accept-Encoding,User-Agent
X-Pingback
http://blog.extremehacking.org/xmlrpc.php
X-Server-Cache
false
style.min.css
blog.extremehacking.org/wp-includes/css/dist/block-library/ 		81 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Content-Encoding
gzip
Last-Modified
Sun, 24 Apr 2022 15:26:49 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
16047
style.css
blog.extremehacking.org/wp-content/plugins/share-this/css/ 		264 B
457 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/share-this/css/style.css?ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
918af567de57ab7349f6c8978d908f66ac0dd756b044330778ce1e0cdef6b9a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Oct 2016 05:09:27 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
176
settings.css
blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/css/ 		54 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/css/settings.css?ver=4.6.92
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
8cf272f71df4c1da72cc6cac3e29e1099160a69a96825a6491783b41ed68e217

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jun 2015 17:37:56 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
14182
public.css
blog.extremehacking.org/wp-content/plugins/popups/public/assets/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/popups/public/assets/css/public.css?ver=1.9.3.8
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
37c558263ba695539d83e2b57c33595763d1b7b36e27e4d2b0a654ef00027690

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jan 2022 14:55:19 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
1662
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://fonts.googleapis.com/css?family=PT+Sans%3A400%2C400italic%2C700%2C700italic%7CAntic+Slab%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3be5e97353bb264fd4053ece052b1174a389019313da2875dae7cab29ee28d5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
X-XSS-Protection
0
Last-Modified
Wed, 27 Apr 2022 19:21:35 GMT
Server
ESF
Cross-Origin-Opener-Policy
same-origin-allow-popups
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires
Wed, 27 Apr 2022 19:21:35 GMT
style.css
blog.extremehacking.org/wp-content/themes/Avada/ 		343 KB
68 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/style.css?ver=3.8.4
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
23fd88de60babaa196600564578f87d76d3e86831360892c48bb281c7c7243e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jun 2015 17:29:55 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Transfer-Encoding
chunked
Connection
Upgrade
Accept-Ranges
bytes
Content-Type
text/css
font-awesome.css
blog.extremehacking.org/wp-content/themes/Avada/assets/fonts/fontawesome/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/assets/fonts/fontawesome/font-awesome.css?ver=3.8.4
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
5460
ilightbox.css
blog.extremehacking.org/wp-content/themes/Avada/ 		59 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/ilightbox.css?ver=3.8.4
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
ffa024b7d27f26f77b9d5d0935a4a488f40a2b6c4929f8941ef2f516a2fb08c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
13241
animations.css
blog.extremehacking.org/wp-content/themes/Avada/ 		48 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/animations.css?ver=3.8.4
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
6798098b268879f96180736f0f3eb58f416d2735bf76eab193e4bc5c1cd48e07

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
3871
jquery.min.js
blog.extremehacking.org/wp-includes/js/jquery/ 		87 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jan 2022 14:47:33 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
jquery-migrate.min.js
blog.extremehacking.org/wp-includes/js/jquery/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jan 2022 14:47:33 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
4618
jquery.themepunch.tools.min.js
blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/js/ 		98 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?ver=4.6.92
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
366649c6c2d9f225b735a5ff4fdacdcf330ef4641061f219d8d39bd262b35e67

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jun 2015 17:37:56 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
jquery.themepunch.revolution.min.js
blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/js/ 		107 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.6.92
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
7e5efee0efab67664f43a04820573d1631e792052aeeedb3163b6d0579ec3e34

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Content-Encoding
gzip
Last-Modified
Thu, 18 Jun 2015 17:37:56 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
js
www.googletagmanager.com/gtag/ 		98 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-90768654-1&ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7f30d4650a79d9ec3bbfd904f25cb2c62ff44eb0b36b7e302265dfcfb2606489
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:35 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38808
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 27 Apr 2022 19:21:35 GMT
buttons.js
w.sharethis.com/button/
Redirect Chain
  • http://w.sharethis.com/button/buttons.js
  • https://w.sharethis.com/button/buttons.js
59 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w.sharethis.com/button/buttons.js
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
7ba38c636940db54018406db91e3a02040d14fd6ce7dabf8bdb011067ba8eb41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 24 Apr 2022 20:22:36 GMT
content-encoding
gzip
vary
Accept-Encoding
age
255539
x-cache
Hit from cloudfront
content-length
16739
server
nginx/1.20.1
etag
W/"61e1c3a2-ea95"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
DUS51-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
W_L-N-LHieYoBr2F6ZDewiEreu7OQdbFutvTPLBa4r-YJs-bVbx-cg==
expires
Wed, 27 Apr 2022 20:22:36 GMT

Redirect headers

Date
Wed, 27 Apr 2022 19:21:35 GMT
Via
1.1 2395e6175733260a159a0b484ed8febc.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
DUS51-C1
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://w.sharethis.com/button/buttons.js
Connection
keep-alive
Content-Length
183
X-Amz-Cf-Id
w2HX942u8Ilw2KSMdfpBilmUWjslEVyWsXAD5Zqcd1E3R_Iltv4TfA==
wp-emoji-release.min.js
blog.extremehacking.org/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jan 2022 14:47:33 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
5243
logo16.png
blog.extremehacking.org/wp-content/uploads/2017/10/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://blog.extremehacking.org/wp-content/uploads/2017/10/logo16.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
c9b5f0ee3a85b6f6344c29ad0d80dd9c58a267db1e85161d14e9421486322808

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Last-Modified
Fri, 13 Oct 2017 08:15:59 GMT
Server
Apache
Accept-Ranges
bytes
Content-Length
8403
Content-Type
image/png
shutterstock-keyboard-pain.jpg
i.postimg.cc/2yxmW3VT/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.postimg.cc/2yxmW3VT/shutterstock-keyboard-pain.jpg
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.94.130.128 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31442138.ip-141-94-130.eu
Software
nginx /
Resource Hash
9be8d74d3f3106bd50242173a00ba7a7eac4a3a152cd77b9c221bdc0449fb697

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:37 GMT
last-modified
Tue, 30 Apr 2019 09:49:06 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
43062
expires
Thu, 31 Dec 2037 23:55:55 GMT
public.js
blog.extremehacking.org/wp-content/plugins/popups/public/assets/js/ 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/plugins/popups/public/assets/js/public.js?ver=1.9.3.8
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
5881b4f2ae1a4f45ae43f7b68d1fde8de01885d0c05ba9e35d135bf21c6d3e8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Jan 2022 14:55:19 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
10486
comment-reply.min.js
blog.extremehacking.org/wp-includes/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-includes/js/comment-reply.min.js?ver=5.9.3
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Content-Encoding
gzip
Last-Modified
Sun, 24 Apr 2022 15:26:49 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
1472
main.min.js
blog.extremehacking.org/wp-content/themes/Avada/assets/js/ 		564 KB
200 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/assets/js/main.min.js?ver=3.8.4
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
4f0bf60ccd1fa3e1c3f789342c2d28aeba8bf72e58a3f3bc05165a21a3d7b6a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-90768654-1&ver=5.9.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
6406
date
Wed, 27 Apr 2022 17:34:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 27 Apr 2022 19:34:50 GMT
async-buttons.js
ws.sharethis.com/button/ 		89 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/async-buttons.js
Requested by
Host: w.sharethis.com
URL: http://w.sharethis.com/button/buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
38bdaa6ffa7c071fd9af7eb4fc6e34125cbac8965ad71fb0e93a0d2140dd2842
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:34:58 GMT
content-encoding
gzip
vary
Accept-Encoding
age
99998
x-cache
Hit from cloudfront
content-length
18813
server
nginx/1.20.1
etag
W/"61e1c3fb-16245"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
DUS51-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
yAvWEtUDFEv0fi08m83QdaTGvdkwpr-aQFRsxMhENLvYPnEoBBSh9w==
expires
Fri, 29 Apr 2022 15:34:58 GMT
pview
l.sharethis.com/ 		0
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1651087296874.12601&hostname=blog.extremehacking.org&location=%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&product=widget&fcmp=false&fcmpv2=false&publisher=ur.00000000-0000-0000-0000-000000000000&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&title=Powershell%2C%20the%20Gandcrab%20infection%20and%20the%20long-forgotten%20server%20-&sop=false&description=Institute%20For%20Ethical%20Hacking%20Course%C2%A0and%C2%A0Ethical%20Hacking%20Training%20in%20Pune%20%E2%80%93%20India%20Extreme%20Hacking%C2%A0%7C%C2%A0Sadik%20Shaikh%C2%A0%7C%C2%A0Cyber%20Suraksha%20Abhiyan%20Credits%3A%20The%20Register%20CyberUK%202019%C2%A0If%20your%20hair%20isn%E2%80%99t%20already%20grey%20enough%2C%20GCHQ%20staff%20have%20revealed%20a%20handful%20of%20infosec%20incidents%20that%2C%20in%20their%20words%2C%20%E2%80%9Csurprised%20us%E2%80%9D.%20During%20a%20talk%20at%20CyberUK%202019%2C%20the%20annual%20shindig%20of%20the%20spy%20agency%E2%80%99s%20%5B%E2%80%A6%5D
Requested by
Host: w.sharethis.com
URL: http://w.sharethis.com/button/buttons.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.233.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-233-6.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
http://blog.extremehacking.org
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
page_title_bg.png
blog.extremehacking.org/wp-content/themes/Avada/assets/images/ 		49 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/assets/images/page_title_bg.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
6490da8fa414a3ee09c42b4b0557ee396bd60c3dd7654c9df31c50f35a3fa122

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Accept-Ranges
bytes
Content-Length
50495
Content-Type
image/png
jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=PT+Sans%3A400%2C400italic%2C700%2C700italic%7CAntic+Slab%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=5.9.3
Protocol
HTTP/1.1
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 20:25:39 GMT
X-Content-Type-Options
nosniff
Age
600957
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
45300
X-XSS-Protection
0
Last-Modified
Wed, 26 Jan 2022 18:57:55 GMT
Server
sffe
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="apps-themes"
Expires
Thu, 20 Apr 2023 20:25:39 GMT
icomoon.woff
blog.extremehacking.org/wp-content/themes/Avada/assets/fonts/icomoon/ 		13 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://blog.extremehacking.org/wp-content/themes/Avada/assets/fonts/icomoon/icomoon.woff
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/wp-content/themes/Avada/style.css?ver=3.8.4
Protocol
HTTP/1.1
Server
43.225.55.205 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-in-6.webhostbox.net
Software
Apache /
Resource Hash
e51758d5e703f432f96cab57225430c9a58f63a40e383d9485566bc9de5c40df

Request headers

Referer
http://blog.extremehacking.org/wp-content/themes/Avada/style.css?ver=3.8.4
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:37 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 May 2015 02:15:12 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
font/woff
Accept-Ranges
bytes
Content-Length
8296
bWt97fPFfRzkCa9Jlp6IacVcXA.woff2
fonts.gstatic.com/s/anticslab/v16/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/anticslab/v16/bWt97fPFfRzkCa9Jlp6IacVcXA.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=PT+Sans%3A400%2C400italic%2C700%2C700italic%7CAntic+Slab%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=5.9.3
Protocol
HTTP/1.1
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c478d59cd9c14ded18169933a9703a61220b737631fa08035f626f45867c134
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 19:29:40 GMT
X-Content-Type-Options
nosniff
Age
604316
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
12136
X-XSS-Protection
0
Last-Modified
Tue, 19 Apr 2022 18:27:59 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Thu, 20 Apr 2023 19:29:40 GMT
jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v16/ 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/ptsans/v16/jizfRExUiTo99u79B_mh0O6tLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=PT+Sans%3A400%2C400italic%2C700%2C700italic%7CAntic+Slab%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=5.9.3
Protocol
HTTP/1.1
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 20:15:02 GMT
X-Content-Type-Options
nosniff
Age
601594
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
47048
X-XSS-Protection
0
Last-Modified
Wed, 26 Jan 2022 18:57:46 GMT
Server
sffe
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="apps-themes"
Expires
Thu, 20 Apr 2023 20:15:02 GMT
jizYRExUiTo99u79D0e0x8mI.woff2
fonts.gstatic.com/s/ptsans/v16/ 		42 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/ptsans/v16/jizYRExUiTo99u79D0e0x8mI.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=PT+Sans%3A400%2C400italic%2C700%2C700italic%7CAntic+Slab%3A400%2C400italic%2C700%2C700italic&subset=latin&ver=5.9.3
Protocol
HTTP/1.1
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
595c14bd7589b069e4570ba658cfab8850611639e8a077ca84ef263bfa4671f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 21:23:22 GMT
X-Content-Type-Options
nosniff
Age
597494
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
42500
X-XSS-Protection
0
Last-Modified
Wed, 26 Jan 2022 18:57:45 GMT
Server
sffe
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="apps-themes"
Expires
Thu, 20 Apr 2023 21:23:22 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1651087296874.12601&hostname=blog.extremehacking.org&location=%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&product=widget&fcmp=false&fcmpv2=false&publisher=ur.00000000-0000-0000-0000-000000000000&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&title=Powershell%2C%20the%20Gandcrab%20infection%20and%20the%20long-forgotten%20server%20-&sop=false&description=Institute%20For%20Ethical%20Hacking%20Course%C2%A0and%C2%A0Ethical%20Hacking%20Training%20in%20Pune%20%E2%80%93%20India%20Extreme%20Hacking%C2%A0%7C%C2%A0Sadik%20Shaikh%C2%A0%7C%C2%A0Cyber%20Suraksha%20Abhiyan%20Credits%3A%20The%20Register%20CyberUK%202019%C2%A0If%20your%20hair%20isn%E2%80%99t%20already%20grey%20enough%2C%20GCHQ%20staff%20have%20revealed%20a%20handful%20of%20infosec%20incidents%20that%2C%20in%20their%20words%2C%20%E2%80%9Csurprised%20us%E2%80%9D.%20During%20a%20talk%20at%20CyberUK%202019%2C%20the%20annual%20shindig%20of%20the%20spy%20agency%E2%80%99s%20%5B%E2%80%A6%5D&description=Institute%20For%20Ethical%20Hacking%20Course%C2%A0and%C2%A0Ethical%20Hacking%20Training%20in%20Pune%20%E2%80%93%20India%20Extreme%20Hacking%C2%A0%7C%C2%A0Sadik%20Shaikh%C2%A0%7C%C2%A0Cyber%20Suraksha%20Abhiyan%20Credits%3A%20The%20Register%20CyberUK%202019%C2%A0If%20your%20hair%20isn%E2%80%99t%20already%20grey%20enough%2C%20GCHQ%20staff%20have%20revealed%20a%20handful%20of%20infosec%20incidents%20that%2C%20in%20their%20words%2C%20%E2%80%9Csurprised%20us%E2%80%9D.%20During%20a%20talk%20at%20CyberUK%202019%2C%20the%20annual%20shindig%20of%20the%20spy%20agency%E2%80%99s%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.233.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-233-6.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 27 Apr 2022 19:21:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
buttons-secure.css
ws.sharethis.com/button/css/ 		23 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/css/buttons-secure.css
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 03:10:18 GMT
content-encoding
gzip
last-modified
Fri, 14 Jan 2022 18:42:03 GMT
server
nginx/1.20.1
age
58278
etag
W/"61e1c3fb-5a76"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow
content-length
3851
x-amz-cf-id
oKA6kPRY6yqiC8AQp7rZaL-k39OPqLo3kkt-yW6_0F9bnuSeUK95NQ==
sdk.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/sdk.js
  • https://connect.facebook.net/en_US/sdk.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
96ee78409d549a312cbe8bdaa865861731721bb023be758151621b939b6d6cef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
gOWbuzPB26vWjPQth0NLgA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1688
x-fb-rlafr
0
x-fb-debug
4dOy4ePA7725GQrib1/DAfM0HHrX2jKHpjfbHv4AyrxYBxpg+TaZaD2vL32ACd/J+n+DGR7Y+JX8Vkejwuf/Mg==
x-fb-trip-id
917726464
x-fb-content-md5
828858bd6f732d62e46cd56c8182f040
x-frame-options
DENY
date
Wed, 27 Apr 2022 19:21:36 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"6d5a8f12b610cba659f699caf76e08e3"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 27 Apr 2022 19:31:19 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/sdk.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
plusone.js
apis.google.com/js/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a46e721738fe773283959d5c78be8e4b74f398ef65efddcc2bc8b2c87f6b02b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20362
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Wed, 27 Apr 2022 19:21:37 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"63dec9bbc38e8ea1"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Apr 2022 19:21:37 GMT
facebook_counter.png
ws.sharethis.com/images/2017/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ws.sharethis.com/images/2017/facebook_counter.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
3488c49147b809d1e457c14a37bf3a79b0455fd159c121325e8f737eea45eb75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 22:06:35 GMT
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
server
nginx/1.20.1
age
5260500
etag
"61e1c39c-977"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2423
x-amz-cf-id
kvUh1T72nPferT5a93m4tfiuQBxgDy9ruZ2uxraaNSLWkefLzOXmLw==
expires
Sat, 25 Feb 2023 22:06:35 GMT
twitter_counter.png
ws.sharethis.com/images/2017/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ws.sharethis.com/images/2017/twitter_counter.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
aeae37bae2130513ef8b5ea4fde8fd776b32ff8969b848b59399a63d9455e29a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sat, 12 Mar 2022 00:45:40 GMT
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
server
nginx/1.20.1
age
4041356
etag
"61e1c39c-9ae"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2478
x-amz-cf-id
22AfpDe87bS6rnJ8CpKB1HQNdUmSjcqBuomAS-RaG_Q9v6mlaNmi7Q==
expires
Sun, 12 Mar 2023 00:45:40 GMT
email_counter.png
ws.sharethis.com/images/2017/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ws.sharethis.com/images/2017/email_counter.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
af6c4b21f7b4a51cf290db1dc17ff613cd7db54e14574587bebb6b9cf2a2082d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 05:51:38 GMT
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
server
nginx/1.20.1
age
20438998
etag
"612ef1b8-741"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
1857
x-amz-cf-id
R1PjPmT86Trv3fQvUlOwdMfV7FidDuoXryKBnb0z4UvhvY9tMoKNEg==
expires
Sat, 03 Sep 2022 05:51:38 GMT
sharethis_counter.png
ws.sharethis.com/images/2017/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ws.sharethis.com/images/2017/sharethis_counter.png
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
4e2b38b4f0180fd5671604c482ae7b38eaa7d3b008099314bd261206045b0413
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 03:47:34 GMT
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
server
nginx/1.20.1
age
20619242
etag
"612ef1b8-a58"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2648
x-amz-cf-id
REM0Q5X9auPe0ZWuxPHk5T4LZ__XY728pp1KPWI71dtjVAWneSfoIw==
expires
Thu, 01 Sep 2022 03:47:34 GMT
collect
www.google-analytics.com/j/ 		1 B
211 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1680872888&t=pageview&_s=1&dl=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&ul=en-us&de=UTF-8&dt=Powershell%2C%20the%20Gandcrab%20infection%20and%20the%20long-forgotten%20server%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1517968364&gjid=391861074&cid=2019318571.1651087297&tid=UA-90768654-1&_gid=1077593117.1651087297&_r=1&gtm=2ou4p0&z=886941656
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://blog.extremehacking.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 19:21:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://blog.extremehacking.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
sdk.js
connect.facebook.net/en_US/ 		288 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=934e3cb22f813be514b77133710848b0
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b5364fe09208cea0f54ed9bf163057d91aba6eb804091a423346b004cfe50c0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://blog.extremehacking.org/
Origin
http://blog.extremehacking.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
AIxuUNg21+PAUfphLc5fLg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
84335
x-fb-rlafr
0
x-fb-debug
dqqU9XUynbaTzLCMHe3t2N+glkiebH2HaXm9ofpt58HFyKFtwpmXNPwoAaS1RDJWCkV7/3oUBgKoGlR0u55HrA==
x-fb-content-md5
03001fa18a1601c62decc19388c55c55
x-frame-options
DENY
date
Wed, 27 Apr 2022 19:21:37 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"2e6132b1e328419de7f1502f3e444c64"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 27 Apr 2023 18:02:29 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/ 		149 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a667c3feb68929a9fa9a024d1631d6f97d3629bfa86a076efb5268ad11f5bc1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 10:49:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30702
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52038
x-xss-protection
0
last-modified
Mon, 21 Mar 2022 15:20:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 27 Apr 2023 10:49:55 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/ 		98 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_1?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5573c75ba09af6215502057f622c7801a05fff748277edb53960ad4cfd77346
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://blog.extremehacking.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 10:49:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30702
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34612
x-xss-protection
0
last-modified
Mon, 21 Mar 2022 15:20:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 27 Apr 2023 10:49:55 GMT
fastbutton
apis.google.com/u/0/se/0/_/+1/ Frame E951 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&count=false&origin=http%3A%2F%2Fblog.extremehacking.org&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

Referer
http://blog.extremehacking.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1585
content-type
text/html; charset=UTF-8
date
Wed, 27 Apr 2022 19:21:37 GMT
referrer-policy
no-referrer
googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame E951 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
Requested by
Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&count=false&origin=http%3A%2F%2Fblog.extremehacking.org&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://apis.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:30:00 GMT
server
sffe
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
private, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3170
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 27 Apr 2022 19:21:37 GMT
postmessageRelay
accounts.google.com/o/oauth2/ Frame 4E73 		564 B
901 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fblog.extremehacking.org&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_1?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab4156b45bc88cd7f1a22b9a49c47df03dbd400e465b3fe9eb05fbfd13ef18ae
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-HB1Wsp7UR9CvdYIN6Z1Eew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://blog.extremehacking.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-HB1Wsp7UR9CvdYIN6Z1Eew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-type
text/html; charset=utf-8
date
Wed, 27 Apr 2022 19:21:37 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
cspreport
accounts.google.com/o/ Frame 4E73 		0
20 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/cspreport
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/blog/2019/04/30/powershell-the-gandcrab-infection-and-the-long-forgotten-server/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-NPSksUFIOXmbh7NY0FVqpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fblog.extremehacking.org&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Wed, 27 Apr 2022 19:21:37 GMT
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-NPSksUFIOXmbh7NY0FVqpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
23066399-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame 4E73 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/23066399-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fblog.extremehacking.org&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
57dbe899a2b5c804f6e667838d56d9467d692e449dce19c7f9e48e84776c0ccd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 19:54:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
516427
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4281
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 18:12:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 21 Apr 2023 19:54:30 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame 4E73 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fblog.extremehacking.org&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c6eb301ab64cae9e40b6dcfef395f12adcc34f52002d9ea7b1c58a095d7f68fe
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5549
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Wed, 27 Apr 2022 19:21:37 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"62fcadf59d7cc19f"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Apr 2022 19:21:37 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/ Frame 4E73 		54 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f98ac46a12e4c95f28120081d1c243b7b900fcf72ff77b00350fc0758d6c0d2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 10:49:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30701
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19088
x-xss-protection
0
last-modified
Mon, 21 Mar 2022 15:20:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 27 Apr 2023 10:49:56 GMT
like.php
www.facebook.com/v2.0/plugins/ Frame 22F1 		49 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.0/plugins/like.php?action=&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c44c89bf67638%26domain%3Dblog.extremehacking.org%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fblog.extremehacking.org%252Ff3bfa9d54c6e07c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=934e3cb22f813be514b77133710848b0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ba2fd80321a08c682096b8d206a9f67bff05258bc9d67daf1282e34fb2efc7ef
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://blog.extremehacking.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 27 Apr 2022 19:21:39 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version
v6.0
pragma
no-cache
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
WlQ+DTunGGQdTkpu8YydHmaTn20XCPa9jz0pU8cSbnwFXs3TlJfTfePUTTPcg+wLSEGPn5NNvSHktIooTNPMiQ==
x-fb-rlafr
0
x-xss-protection
0
OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 22F1 		400 B
646 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c44c89bf67638%26domain%3Dblog.extremehacking.org%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fblog.extremehacking.org%252Ff3bfa9d54c6e07c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:39 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
400
x-fb-rlafr
0
x-fb-debug
/cxbcCfP0K8C05VfC0kUnbFYOQjVP6vX8c4usQIgqqBMM6rg/RJC1pZKrwISPjMnxPhyRI457c/asfzBk+HOLA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 27 Apr 2023 03:02:10 GMT
6Rz1iU08g12.js
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yn/l/en_US/ Frame 22F1 		524 KB
137 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yn/l/en_US/6Rz1iU08g12.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c44c89bf67638%26domain%3Dblog.extremehacking.org%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fblog.extremehacking.org%252Ff3bfa9d54c6e07c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1867a5e1a00219ec55bd82c290e2758be2588a294f9530a3c8cab8a15feec875
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:39 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
un9zVMI5taB7AX/vyR9fiw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
139706
x-fb-rlafr
0
x-fb-debug
nve5iXnFKJMihHkUWDh06T0gcsApDxBn+FYfqVE/oJZ26szQEp+IU7T9ARxqwJypAL9240juug0RjV1gIbHp+Q==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 26 Apr 2023 20:27:16 GMT
likebox.php
www.facebook.com/plugins/ Frame 6649
Redirect Chain
  • http://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&c...
  • https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&...
15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections=
Requested by
Host: blog.extremehacking.org
URL: http://blog.extremehacking.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
df54a7787a4043f2b7ac9dc3b444ba0e38afdbcee5b41503f72211589c115c8f
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://blog.extremehacking.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Wed, 27 Apr 2022 19:21:39 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=0
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
qX5Vpo7CRkfvOksQqfVSRxDu7uwJHFaHSKVQ7fQs0mBD/+PKDJ7MQgA4P5bq+zujmJmDyuBBDf46ki+Mxk60GA==
x-fb-rlafr
0
x-xss-protection
0

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections=
Non-Authoritative-Reason
HSTS
cavalry_endpoint.php
www.facebook.com/common/ Frame 22F1 		67 B
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1651087299062&t_start=1651087299063&t_domcontent=1651087299073&t_layout=1651087299102&t_onload=1651087299102&t_paint=1651087299102&t_creport=1651087299102&t_tti=1651087299073&lid=7091365948780021143-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/like.php?action=&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c44c89bf67638%26domain%3Dblog.extremehacking.org%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fblog.extremehacking.org%252Ff3bfa9d54c6e07c%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
pragma
no-cache
x-fb-debug
KXwwWaoboRKcy8Z4JIF4H26NHcC8btELxbXfO5GlrJT8RswDTyRBQjeA1NNr57L052xunhMPTmmQg8LFcoylUQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 27 Apr 2022 19:21:39 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
RwXN2PoG7Ii.css
static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/ Frame 6649 		18 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/RwXN2PoG7Ii.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fextremehacking.org&width=231&colorscheme=light&show_faces=true&stream=true&header=true&height=570&force_wall=true&connections=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cd12dd695fefd532396b9788fc6caf3ba4230accd5d0a25db9593b6043c533f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 27 Apr 2022 19:21:39 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
8e+BTTQgtCy9qJnFLOwDQg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
4681
x-fb-rlafr
0
x-fb-debug
Ok7QydHPni9wwUPCcvHw1KN+1z6F8V7op7NLfQ/xPLusPqyT6VEAo4uTjZ+KG7c6rzNy/Rj00s66MVgIdnjwCQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 27 Apr 2023 17:07:57 GMT
index.html
ws.sharethis.com/secure5x/ Frame 083A 		14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/secure5x/index.html
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
40279417deb789df672f0165a0817b4c84893685d47a4fd8e20770e838ef4367
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://blog.extremehacking.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
85176
content-encoding
gzip
content-length
4082
content-type
text/html
date
Tue, 26 Apr 2022 19:42:03 GMT
etag
W/"61e1c3fb-390f"
last-modified
Fri, 14 Jan 2022 18:42:03 GMT
server
nginx/1.20.1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
x-amz-cf-id
1GHlQB7lTgRoBcXPKGHEuoX8rH2eBOAUdAOj5gawc4ZCpENlmnW0bw==
x-amz-cf-pop
DUS51-C1
x-cache
Hit from cloudfront
x-robots-tag
noindex, nofollow
stcommon.1f60705adac788a51a8240cf535237b0.js
ws.sharethis.com/secure5x/js/ Frame 083A 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/secure5x/js/stcommon.1f60705adac788a51a8240cf535237b0.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/secure5x/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
2d200d90966b8380a648972d71130785371751cf24bb7398f2854be23afb4a65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ws.sharethis.com/secure5x/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 03:47:33 GMT
content-encoding
gzip
vary
Accept-Encoding
age
20619246
x-cache
Hit from cloudfront
content-length
5630
server
nginx/1.20.1
etag
W/"612ef1fe-40f6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
wZG_jC5HM-PFEToJUSvnKRwCLGSFbP0wOX7g-hr8jpvsLtMseVEJ8g==
expires
Thu, 01 Sep 2022 03:47:33 GMT
st.31cb6fcb48e558d491ec5da1e80ebf3d.js
ws.sharethis.com/secure5x/js/ Frame 083A 		132 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/secure5x/js/st.31cb6fcb48e558d491ec5da1e80ebf3d.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/secure5x/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:8400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
ffd7d8f21205b5a8c3d1e2fd124fd554edbc9ab1ef756b679fcf276bb00a229f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ws.sharethis.com/secure5x/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 00:33:12 GMT
content-encoding
gzip
server
nginx/1.20.1
age
3782907
etag
W/"61e1c3fb-20e82"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex, nofollow
x-amz-cf-id
5iWHMsFyF7ge_q5qprC-tMpfByHqSYCy0g_7ZXEqseEwsARPGMW8cg==
expires
Wed, 15 Mar 2023 00:33:12 GMT

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| _wpemojiSettings undefined| $ function| jQuery undefined| oldgs object| punchgs object| _gsScope undefined| oldgs_queue undefined| GreenSockGlobals undefined| _gsQueue function| revslider_showDoubleJqueryError object| google_tag_manager object| dataLayer function| shouldTrack function| hasWKGoogleAnalyticsCookie function| gtag object| google_tag_data string| GoogleAnalyticsObject function| ga boolean| switchTo5x object| stlib function| _$d function| _$d0 function| _$d_ function| _$d1 function| _$d2 function| _$de function| _$dt object| _all_services boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus string| customProduct string| stWidgetVersion object| stButtons object| stWidget boolean| sop_pview_logged object| ShareThisEvent object| stLight boolean| st_showing string| st_type object| doc number| container_width_current string| __bp_session_timeout number| __bp_session_freezing object| bizpanda object| spuvar object| spuvar_social function| init_hash boolean| showHoverbarReskinned boolean| isEsiLoaded boolean| stShowNewMobileWidget boolean| isMobileButtonLoaded boolean| stRecentServices boolean| iswhatsappCustomButton boolean| isKikCustomButton boolean| stIsLoggedIn object| servicesLoggedIn object| stFastShareObj boolean| useFastShare object| stButtonsLib function| Shareable function| shareLog string| __stPubGA object| async_buttons function| foursquareCallback function| __stgetPubGA function| plusoneCallback boolean| openWidget object| iedocmode object| gaplugins object| gaGlobal object| gaData object| FB object| gapi object| ___jsl object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow function| EventEmitter object| eventie function| imagesLoaded object| SPU object| addComment object| js_local_vars object| twemoji object| wp function| calc_select_arrow_dimensions function| _fusionRefreshScroll function| _fusionParallaxAll function| _fusionRefreshWindow function| _fbRowGetAllElementsWithAttribute function| _fbRowOnPlayerReady function| _fbRowOnPlayerStateChange function| resizeVideo function| onYouTubeIframeAPIReady function| onPlayerStateChange function| onPlayerReady function| insertParam function| ytVidId function| onYouTubePlayerAPIReady object| cssua function| Froogaloop object| $avada_lightbox object| $il_instances object| _fusionImageParallaxImages number| _fusionScrollTop number| _fusionWindowHeight number| _fusionScrollLeft number| _fusionWindowWidth object| $youtubeBGVideos function| generate_carousel function| calcTabsLayout function| fusion_reanimate_slider function| fusion_calculate_responsive_type_values function| YT_ready undefined| orig_logo_height string| orig_logo_container_margin_top string| orig_logo_container_margin_bottom undefined| orig_menu_height number| wrapper_position boolean| is_parallax_tfs_slider function| $f function| docReady function| getStyleProperty function| getSize function| matchesSelector function| Outlayer function| Isotope function| Masonry object| NiceScroll object| Modernizr function| yepnope object| browserPrefixes string| baseURL object| php_js number| sharebox_h4_width undefined| sharebox_ul number| $header_parent_height number| $header_height number| $scrolled_header_height object| $sticky_trigger number| $sticky_trigger_position number| $wp_adminbar_height number| $sticky_header_type number| $slider_offset number| $site_width boolean| $media_query_test_1 boolean| $media_query_test_2 boolean| $media_query_test_3 boolean| $media_query_test_4 number| original_logo_height number| $original_sticky_trigger_height string| $container boolean| page_smoothHeight boolean| flex_smoothHeight string| messageSet

6 Cookies

Domain/Path Name / Value
blog.extremehacking.org/ Name: bp_user-role
Value: guest
blog.extremehacking.org/ Name: bp_user-registered
Value: 0
blog.extremehacking.org/ Name: bp_ut_session
Value: %7B-q-pageviews-q-%3A1-c--q-referrer-q-%3A-q--q--c--q-landingPage-q-%3A-q-http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F-q--c--q-started-q-%3A1651087296935%7D
.extremehacking.org/ Name: _ga
Value: GA1.2.2019318571.1651087297
.extremehacking.org/ Name: _gid
Value: GA1.2.1077593117.1651087297
.extremehacking.org/ Name: _gat_gtag_UA_90768654_1
Value: 1

2 Console Messages

Source Level URL
Text
network error URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&count=false&origin=http%3A%2F%2Fblog.extremehacking.org&url=http%3A%2F%2Fblog.extremehacking.org%2Fblog%2F2019%2F04%2F30%2Fpowershell-the-gandcrab-infection-and-the-long-forgotten-server%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.xpRpP2dSg9Q.O%2Fd%3D1%2Frs%3DAHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh&id=I0_1651087297034&_gfid=I0_1651087297034&parent=http%3A%2F%2Fblog.extremehacking.org&pfname=&rpctoken=34419248
Message:
Failed to load resource: the server responded with a status of 404 ()
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
blog.extremehacking.org
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
i.postimg.cc
l.sharethis.com
ssl.gstatic.com
static.xx.fbcdn.net
w.sharethis.com
ws.sharethis.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
141.94.130.128
2600:9000:2182:8400:3:c04e:c780:93a1
2a00:1450:4001:802::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:810::200a
2a00:1450:4001:827::2003
2a00:1450:4001:82a::200d
2a00:1450:4001:831::2008
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
35.156.233.6
43.225.55.205
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
1867a5e1a00219ec55bd82c290e2758be2588a294f9530a3c8cab8a15feec875
23fd88de60babaa196600564578f87d76d3e86831360892c48bb281c7c7243e4
2d200d90966b8380a648972d71130785371751cf24bb7398f2854be23afb4a65
3488c49147b809d1e457c14a37bf3a79b0455fd159c121325e8f737eea45eb75
366649c6c2d9f225b735a5ff4fdacdcf330ef4641061f219d8d39bd262b35e67
37c558263ba695539d83e2b57c33595763d1b7b36e27e4d2b0a654ef00027690
38bdaa6ffa7c071fd9af7eb4fc6e34125cbac8965ad71fb0e93a0d2140dd2842
3be5e97353bb264fd4053ece052b1174a389019313da2875dae7cab29ee28d5d
3c478d59cd9c14ded18169933a9703a61220b737631fa08035f626f45867c134
40279417deb789df672f0165a0817b4c84893685d47a4fd8e20770e838ef4367
4e2b38b4f0180fd5671604c482ae7b38eaa7d3b008099314bd261206045b0413
4f0bf60ccd1fa3e1c3f789342c2d28aeba8bf72e58a3f3bc05165a21a3d7b6a4
57dbe899a2b5c804f6e667838d56d9467d692e449dce19c7f9e48e84776c0ccd
5881b4f2ae1a4f45ae43f7b68d1fde8de01885d0c05ba9e35d135bf21c6d3e8a
595c14bd7589b069e4570ba658cfab8850611639e8a077ca84ef263bfa4671f9
6490da8fa414a3ee09c42b4b0557ee396bd60c3dd7654c9df31c50f35a3fa122
6798098b268879f96180736f0f3eb58f416d2735bf76eab193e4bc5c1cd48e07
6a46e721738fe773283959d5c78be8e4b74f398ef65efddcc2bc8b2c87f6b02b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7b5c11bae820e9775ee778937cced456125ea6df362accbc5b55b538b51952c8
7ba38c636940db54018406db91e3a02040d14fd6ce7dabf8bdb011067ba8eb41
7e5efee0efab67664f43a04820573d1631e792052aeeedb3163b6d0579ec3e34
7f30d4650a79d9ec3bbfd904f25cb2c62ff44eb0b36b7e302265dfcfb2606489
8cf272f71df4c1da72cc6cac3e29e1099160a69a96825a6491783b41ed68e217
918af567de57ab7349f6c8978d908f66ac0dd756b044330778ce1e0cdef6b9a6
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
96ee78409d549a312cbe8bdaa865861731721bb023be758151621b939b6d6cef
9be8d74d3f3106bd50242173a00ba7a7eac4a3a152cd77b9c221bdc0449fb697
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a667c3feb68929a9fa9a024d1631d6f97d3629bfa86a076efb5268ad11f5bc1f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab4156b45bc88cd7f1a22b9a49c47df03dbd400e465b3fe9eb05fbfd13ef18ae
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
aeae37bae2130513ef8b5ea4fde8fd776b32ff8969b848b59399a63d9455e29a
af6c4b21f7b4a51cf290db1dc17ff613cd7db54e14574587bebb6b9cf2a2082d
b5364fe09208cea0f54ed9bf163057d91aba6eb804091a423346b004cfe50c0b
ba2fd80321a08c682096b8d206a9f67bff05258bc9d67daf1282e34fb2efc7ef
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c6eb301ab64cae9e40b6dcfef395f12adcc34f52002d9ea7b1c58a095d7f68fe
c86f7b62a894d5799f1aa0a535efb34ed6f914447f901f1da50c837dee13fa72
c9b5f0ee3a85b6f6344c29ad0d80dd9c58a267db1e85161d14e9421486322808
cd12dd695fefd532396b9788fc6caf3ba4230accd5d0a25db9593b6043c533f6
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df54a7787a4043f2b7ac9dc3b444ba0e38afdbcee5b41503f72211589c115c8f
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51758d5e703f432f96cab57225430c9a58f63a40e383d9485566bc9de5c40df
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
f5573c75ba09af6215502057f622c7801a05fff748277edb53960ad4cfd77346
f98ac46a12e4c95f28120081d1c243b7b900fcf72ff77b00350fc0758d6c0d2b
ffa024b7d27f26f77b9d5d0935a4a488f40a2b6c4929f8941ef2f516a2fb08c4
ffd7d8f21205b5a8c3d1e2fd124fd554edbc9ab1ef756b679fcf276bb00a229f