shells.systems Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Submission: On November 21 via manual (November 21st 2024, 2:10:03 pm UTC) from US — Scanned from NL

Summary HTTP 45 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 45 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is shells.systems.
TLS certificate: Issued by WE1 on October 6th 2024. Valid for: 3 months.

This is the only time shells.systems was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
9	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
45	6

30 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

shells.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	shells.systems shells.systems	1 MB
9	gstatic.com fonts.gstatic.com	162 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 region1.google-analytics.com — Cisco Umbrella Rank: 3353	22 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	175 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
45	5

	Domain	Requested by
30	shells.systems	shells.systems
9	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	shells.systems www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.googleapis.com	shells.systems
45	6

This site contains links to these domains. Also see Links.

Domain
x64dbg.com
github.com
wordpress.org

Subject Issuer	Validity	Valid
shells.systems WE1	`2024-10-06` - `2025-01-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Frame ID: C5F02CEF6C2B85F2235B44DAEDF1F389
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Extracting Plaintext Credentials from Palo Alto Global Protect - Shells.Systems

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

45
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1651 kB
Transfer

2381 kB
Size

5
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://x64dbg.com/
Title: x64dbg

Search URL Search Domain Scan URL

URL: https://github.com/t3hbb/PanGP_Extractor
Title: https://github.com/t3hbb/PanGP_Extractor

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/ 29 KB
10 KB 166ms
120ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.0.32
Resource Hash: 95cb6380cda6a2e745528816b3e8219cb2ba62611a0beb9fa765a8c787cbc296

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8e6142b68f0c1c7a-AMS
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Thu, 21 Nov 2024 14:09:58 GMT
link: <https://shells.systems/wp-json/>; rel="https://api.w.org/" <https://shells.systems/?p=2486>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2BwZe%2B5q3jBg%2BmEcwHRhh3JUmNwJGH%2B8Q5VkQXdOi7wXiXE6eEOmqwZGs2Ipe99N%2B%2BkRwIf12%2BPu9hSpMuoQT0wBJ0hty4EVVcyTgzfRrDdNtqHxVQk8zTCxp2ouPA0SOA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=15194&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4137&recv_bytes=4527&delivery_rate=680&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=129&x=1" cfHdrFlush;dur=0
x-pingback: https://shells.systems/xmlrpc.php
x-powered-by: PHP/7.0.32

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 101ms
41ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38782884-3

Requested by

Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d63d26b0572a6eb07e36aab40c7ab9713eac017a67b3d22e76c4cc760699498

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 14:09:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81582
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 style.min.css
shells.systems/wp-includes/css/dist/block-library/ 25 KB
5 KB 34ms
32ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/css/dist/block-library/style.min.css?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57a96eb1ccacae26e452d6e147fb29ca8ca20ce183970a3a4fb5febf8662fcc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"6f1-63e3-57bdedc44b600"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8az1UySkA2lniZzzemjEkuD2IUgwPbXBSNjeW4%2FrzwV68otqlsQK1UgEPirayH86lXFmRJW31adbPI8SXNCD5CbsNCLd3NP5yDWgNGFyWfOk9Mf1%2FmldVxntoAmfVKpVbw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b75ff41c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17602&sent=24&recv=21&lost=0&retrans=0&sent_bytes=15176&recv_bytes=6709&delivery_rate=729386&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=177&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css
last-modified: Fri, 30 Nov 2018 09:59:52 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 foobox.free.min.css
shells.systems/wp-content/plugins/foobox-image-lightbox/free/css/ 29 KB
5 KB 34ms
32ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/plugins/foobox-image-lightbox/free/css/foobox.free.min.css?ver=2.7.17
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f592c1248f3224a2adddaa84e9ec8c8e7ed7a7bcf0913e658534eeb1dd5fe00

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"10b7-7312-5e11b6e6a2d23"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t6WiPkLGb85vv%2BUUBiF1%2B1qVc51bTqhitUCTmSwElAlDAgnEgKBFQlNINITaF3n04oG%2BMl1e%2BzBn3jsyQo0X1GzNGGwMGGm3jp1KmKatJztlzVhS%2BjY9z%2F1XV5eJYTq0zA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b75ff61c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17602&sent=30&recv=21&lost=0&retrans=0&sent_bytes=20663&recv_bytes=6709&delivery_rate=729386&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=178&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css
last-modified: Fri, 10 Jun 2022 17:40:16 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 91ms
32ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Requested by

Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9899e531840ff63de25c165502e93d34368f0dc92a3e320bf4c3a8a2d7e028b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 14:09:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 21 Nov 2024 14:09:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 bootstrap.min.css
shells.systems/wp-content/themes/thesimplest/assets/css/ 118 KB
22 KB 53ms
52ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/css/bootstrap.min.css?ver=3.3.7
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"dad-1d970-57dcbcca5cf88"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YLNMxwOxhACZrqG0QE5aJzKglshfJvRydae5%2BWTf6nXX14t2bTg%2FgtMh%2Bvm%2BGj4pZRPy6zjtrvh7PBm1EwwoVcFfGO0OAZjcONBbA%2B7reNbEUtYmgC3JPyZ2TfTfXi0jw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b75ff71c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17602&sent=32&recv=21&lost=0&retrans=0&sent_bytes=21973&recv_bytes=6709&delivery_rate=729386&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=178&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 font-awesome.min.css
shells.systems/wp-content/themes/thesimplest/assets/css/ 30 KB
8 KB 33ms
32ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"dac-7918-57dcbcca5cf88"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T8Xsl1YGqJz%2BUfhA5bdZdrudMYvXZKVApo9rvbFgU0%2BsqPgy1AZaJZ75SBf4RvK%2BBo03JC71CXMOOKg6XJRas%2B5Y%2FL4NsxKI4a2A%2FwcEiQtzMf1Jyoa%2FQtPQUXkuSfaqTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b75ff81c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17602&sent=31&recv=21&lost=0&retrans=0&sent_bytes=21317&recv_bytes=6709&delivery_rate=729386&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=178&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 style.css
shells.systems/wp-content/themes/thesimplest/ 38 KB
9 KB 64ms
63ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/style.css?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca1dfcad1108ff8b71f22a462bf8348b6ff1335c1e0bb8de940ec067a2364bc5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"d93-975b-57dcbcca5bc00"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DWfp6BL7cWsGMs5gshdoOqig40pi9X%2Fpgai5XoSmG5p2S%2FhMq9SIc027dxUuoJDJ6rLwzhXCtrfRJHBCEiCiAI02H8ltFOv%2Fo0SOz59aS%2Bi7h4IPj%2F9dqip2RdyL7bAalA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b75ffa1c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17602&sent=38&recv=21&lost=0&retrans=0&sent_bytes=27176&recv_bytes=6709&delivery_rate=729386&cwnd=12000&unsent_bytes=0&cid=417b8a9fe229e254&ts=181&x=1", cfHdrFlush;dur=12
date: Thu, 21 Nov 2024 14:09:58 GMT
content-type: text/css
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 jquery.js Show response
shells.systems/wp-includes/js/jquery/ 95 KB
36 KB 87ms
85ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"97b-17ba0-5337eac0d4540"
age: 1606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hqwxS4dbpn6Mv7QT8od1m%2F8KNmLhEvgseB8SW8A6vbP6nkQfc1H6LB89XwJlBtUa2pYGymLkxHVd%2BdV3gYGCISxnxdX2d%2Fs5HadWu%2FEPxtpfGUgpnrzIoVuNZjD9wCjUg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b7a8571c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17560&sent=77&recv=40&lost=0&retrans=0&sent_bytes=66705&recv_bytes=7839&delivery_rate=1720128&cwnd=45600&unsent_bytes=0&cid=417b8a9fe229e254&ts=230&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Mon, 23 May 2016 09:00:29 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 jquery-migrate.min.js Show response
shells.systems/wp-includes/js/jquery/ 10 KB
5 KB 105ms
104ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"975-2748-5333ff613c400"
age: 1607
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DzMQa0dlT%2BVI%2B39pgp2jaR2Sr9TDDCjLbhU2M%2Fmua4%2F3oMg%2FDFLR0uQy7%2B7FPHcKTuME2Js6wu45VMKcIW2CA2k8uLLdGa4P7%2BV%2BMC7L3lFBgM9LHzuXLhi4UL4ZtjeE4g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b7c8731c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17796&sent=118&recv=43&lost=0&retrans=0&sent_bytes=112998&recv_bytes=9360&delivery_rate=72115&cwnd=45600&unsent_bytes=0&cid=417b8a9fe229e254&ts=250&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Fri, 20 May 2016 06:11:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 foobox.free.min.js Show response
shells.systems/wp-content/plugins/foobox-image-lightbox/free/js/ 98 KB
32 KB 113ms
112ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/plugins/foobox-image-lightbox/free/js/foobox.free.min.js?ver=2.7.17
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ca8a4feeb61ae9e7c5b6dc7a7918cf9c214c601be52f73231bb20cec8861c00

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"7f747-18804-5e11b6e6a2d23"
age: 1607
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=salGEdOZUCDYzsd%2F7hrSNu27gVfPAXeqyxVM4%2BcMRG48UU8h9oT3vxzzyxP3wyzLakV5Cnr2swZ17A%2BuHLZXBJrUyxNnUxb48AXUfhKJgM15F05ix7%2BGCwy0%2FULuNoBmRA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b7c8751c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16685&sent=139&recv=48&lost=0&retrans=0&sent_bytes=136998&recv_bytes=9580&delivery_rate=579917&cwnd=57600&unsent_bytes=0&cid=417b8a9fe229e254&ts=251&x=1", cfHdrFlush;dur=7
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Fri, 10 Jun 2022 17:40:16 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 image.png
shells.systems/wp-content/uploads/2024/11/ 132 KB
133 KB 104ms
103ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0099dffaf72267406eb1d9ce4262bbe16a536755ea7444ba3f05d85ebe35952

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41bcf-21137-62740c4dd2f2b"
age: 1607
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR6LWV5FY%2BU1ZWN%2FRBeTGx%2BaGmu6bzoHRSHkxHKcKGxOWL7V%2FhSfmg45k8poSSULdwuTvy0DhqvalFD9Fr4vf5Yc3%2BXdJ8pKEV0Tfy5qF7mexwlIsRvSTh5OE7ACmBfIpw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17796&sent=110&recv=43&lost=0&retrans=0&sent_bytes=103920&recv_bytes=9360&delivery_rate=72115&cwnd=45600&unsent_bytes=0&cid=417b8a9fe229e254&ts=249&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:36:34 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b7c8771c7a-AMS
accept-ranges: bytes
content-length: 135479
server: cloudflare

GET
H3 200 image-1.png
shells.systems/wp-content/uploads/2024/11/ 67 KB
68 KB 133ms
132ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-1.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40ad885140b3795af5b48cf0dc90fbefe173af6134cce9cc4036a404194c8c9e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: "41c04-10ce4-62740c9060c9e"
age: 1607
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tcJLy9drHqaq4%2F1r8gb6%2BWrhq17GZKUkLVN23xxh5ZAFSFqvWDg4fllwgqrSRNT0HyWLmoBUzfDZDNFpr9m1ZQXc%2F8M1OouWR0cQyufjcPngYRh7mPp09WNMF5dMWjp4Cw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16685&sent=139&recv=48&lost=0&retrans=0&sent_bytes=136998&recv_bytes=9580&delivery_rate=579917&cwnd=57600&unsent_bytes=0&cid=417b8a9fe229e254&ts=254&x=1", cfHdrFlush;dur=4
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:37:44 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b7c8781c7a-AMS
accept-ranges: bytes
content-length: 68836
server: cloudflare

GET
H3 200 image-2.png
shells.systems/wp-content/uploads/2024/11/ 46 KB
46 KB 86ms
85ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-2.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d3b0ec121a3b624c37dd1d740817c7b37af528518397154e99bad261f19a15a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c05-b601-62740ccb9836d"
age: 652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqiitI5A6LOv6y17QZvKnZEu%2BJI4tre1zc3i%2B3MtqPnk7Zw6OuxlYUsVo7z7qmFarZmT6ygu3gRfkQz12H56nrKhxcD0vdmb2enkKuGe%2FKMyWpaXcILk19hftD%2FrctfYgA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17510&sent=466&recv=88&lost=0&retrans=0&sent_bytes=519342&recv_bytes=15787&delivery_rate=1656138&cwnd=225900&unsent_bytes=0&cid=417b8a9fe229e254&ts=356&x=1", cfHdrFlush;dur=3
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:38:46 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b848f71c7a-AMS
accept-ranges: bytes
content-length: 46593
server: cloudflare

GET
H3 200 image-3.png
shells.systems/wp-content/uploads/2024/11/ 56 KB
56 KB 41ms
40ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-3.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd23405a26cdb82b9043dacdb60714cb76812846fa3b546071fec3bf2f0b18a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c06-dec3-62740d071b906"
age: 652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZhzckpHDs8MeS%2Bw2nTwfn9WrkecnQ%2Fq19IVfX8%2BpBsAx9kFfj4C8SbkC3IW25j60%2F57gYBtjACL7Pb4YHXlITInh1V1s%2BZhB3DNx%2Fl5675wuXF%2FI0ca%2BqiHnEDaUkNCLug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18159&sent=325&recv=81&lost=0&retrans=0&sent_bytes=352242&recv_bytes=14824&delivery_rate=6654545&cwnd=155100&unsent_bytes=0&cid=417b8a9fe229e254&ts=333&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:39:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b848fd1c7a-AMS
accept-ranges: bytes
content-length: 57027
server: cloudflare

GET
H3 200 image-4.png
shells.systems/wp-content/uploads/2024/11/ 141 KB
141 KB 37ms
36ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-4.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dd3128f9e3b204b45d4c9978a9690da877e5ed01f459e21724bc119bfab8675

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c07-232b0-62740d3b4f556"
age: 652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jci8S51OlpBXZTLeLCvEDCHTLFbF%2BfslICnVlYfcxCKOtPNnwSsd4QlLXMba%2BKAPkUIVBp0ZkHIYpBd4Ruv%2FlUzgEsHFfNPTvpTyEFAE6lEFxqYJOjtfEQnBep62krhywQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18159&sent=335&recv=81&lost=0&retrans=0&sent_bytes=364242&recv_bytes=14824&delivery_rate=6654545&cwnd=155100&unsent_bytes=0&cid=417b8a9fe229e254&ts=336&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:40:43 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b859101c7a-AMS
accept-ranges: bytes
content-length: 144048
server: cloudflare

GET
H3 200 image-5.png
shells.systems/wp-content/uploads/2024/11/ 147 KB
147 KB 57ms
49ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-5.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ef0275dc708eca9fabf540df8c4a1098e6e32709fcf22c2eb1965a96908615b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c08-24b16-62740db65058d"
age: 651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJLtN8SVLl2YA8dh2eugouVUZJyTarde9TCEuQg52sxLcVrzPTBlMR6dPTeKrtTvPWKrLgA5Uslqcox3zA55AFwMnb3EJiKNsLEseJYTNgv0wgJflXwlIcEfbHs9xYsqkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17510&sent=456&recv=88&lost=0&retrans=0&sent_bytes=507342&recv_bytes=15787&delivery_rate=1656138&cwnd=225900&unsent_bytes=0&cid=417b8a9fe229e254&ts=349&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:42:52 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b8593b1c7a-AMS
accept-ranges: bytes
content-length: 150294
server: cloudflare

GET
H3 200 image-6.png
shells.systems/wp-content/uploads/2024/11/ 234 KB
235 KB 79ms
71ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-6.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a0373aaefc3bca7ad940f2deb487b2e8fa7698d600b789c3a6386b3dc52dc73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c09-3a7c9-62740e3684a8f"
age: 651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FskEfqmOX0YVMeUS%2BrSMWW3oW%2BIkAcbW28MOAL6MtA7gn8RUuF00uMmeFvQDMS1oCpJDWpyAQzP82VOd8sFKJ%2BvjjiTVVMbI%2BeBc7QukdIb5pkFVEblp0o4T8YMXpalkA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17510&sent=466&recv=88&lost=0&retrans=0&sent_bytes=519342&recv_bytes=15787&delivery_rate=1656138&cwnd=225900&unsent_bytes=0&cid=417b8a9fe229e254&ts=356&x=1", cfHdrFlush;dur=3
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:45:06 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b859401c7a-AMS
accept-ranges: bytes
content-length: 239561
server: cloudflare

GET
H3 200 image-7.png
shells.systems/wp-content/uploads/2024/11/ 204 KB
204 KB 83ms
75ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-7.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bfbf312334ef0de52fd3b309c112d7a681df41430e6b9cd0362bb82d02e9c6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c0a-32e93-62740e7bd5c6f"
age: 651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ib2A1Zk0gH0%2Bvx6LqO7uJw3w7HG5sLvKzhaAASNTRe9VRKyTpuoQmkKKHq9KGJX4DpQCJEg4Ph2As%2F0aj0cpllZTYAyjt4prcOQhlg6omvd3%2BQ%2B0R7mPJPym11VTIqAqQA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18159&sent=456&recv=81&lost=0&retrans=0&sent_bytes=507342&recv_bytes=14824&delivery_rate=6654545&cwnd=155100&unsent_bytes=0&cid=417b8a9fe229e254&ts=346&x=1", cfHdrFlush;dur=3
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:46:19 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b859431c7a-AMS
accept-ranges: bytes
content-length: 208531
server: cloudflare

GET
H3 200 image-8.png
shells.systems/wp-content/uploads/2024/11/ 22 KB
23 KB 100ms
92ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.systems/wp-content/uploads/2024/11/image-8.png
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2369253eaeda3714e2c072c88e885fd98c306ba91969426d5e16097c7203a2c4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
etag: W/"41c0b-58b2-62740ea765e06"
age: 651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NenIYQt71IiYcC4cvOi7CXDELRTRp2zzcsKQytQYsTz7U%2FzfDuTfMj7HBGplgZV9bOrLJ6l%2F2C%2FNayydyTFRorpwwYzFGiwiqMxppM7yZ5GhRtBu2JZGg%2FfWkmi4CxlwXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26276&sent=951&recv=105&lost=0&retrans=0&sent_bytes=1089967&recv_bytes=17885&delivery_rate=4840667&cwnd=363600&unsent_bytes=0&cid=417b8a9fe229e254&ts=395&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/png
last-modified: Tue, 19 Nov 2024 09:47:05 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b8a9a21c7a-AMS
accept-ranges: bytes
content-length: 22706
server: cloudflare

GET
H3 200 email-decode.min.js Show response
shells.systems/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 57ms
54ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shells.systems/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"673dd3d6-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwLVieVoY2tlW0JjNhvt33ANpMC8fpcncI5j5xv9riVG6I1JQrcDv4JdoMrE9Vq%2FVeBQV3YeOIyNp9VUfRSBrMFklj48Dig6%2FyGRtTkpsaVVpPfwgxp4NJFSOkFEUxqsdw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8e6142b859191c7a-AMS
expires: Sat, 23 Nov 2024 14:09:59 GMT
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2024 12:19:34 GMT
server: cloudflare
vary: Accept-Encoding

GET
H3 200 skip-link-focus-fix.js Show response
shells.systems/wp-content/themes/thesimplest/assets/js/ 1 KB
1 KB 57ms
54ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/js/skip-link-focus-fix.js?ver=1.0
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"db3-500-57dcbcca5d370"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbrsccRZkXNCmwLF6Z8ozJuutSLsmGEcPN%2FZKR9WvjscPYvB%2FH30DqXqDBtu4tJD%2BTqyZ3GP4agxkCo5yy7mcfGYyjWp6K1cAgxDu5Qzg7oGCHmXs4St%2BdaxlLx6%2BvT0bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b859221c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18159&sent=456&recv=81&lost=0&retrans=0&sent_bytes=507342&recv_bytes=14824&delivery_rate=6654545&cwnd=155100&unsent_bytes=0&cid=417b8a9fe229e254&ts=345&x=1", cfHdrFlush;dur=4
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 bootstrap.min.js Show response
shells.systems/wp-content/themes/thesimplest/assets/js/ 36 KB
11 KB 61ms
58ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/js/bootstrap.min.js?ver=3.3.7
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"db2-90b5-57dcbcca5d370"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BiRYPAAnrdv7xOLzpyfcBquQ0PkNF2kPZHUmjZC9WHf%2B7vX%2F24iR71BVDowVEIc7Y3%2BVA6arKsWyJriEfjhWXD%2FHc4VwgpjvZ%2FLsbKn8HD8a7tRkZk7kTuelm8cZVL0UGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b859261c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18159&sent=455&recv=81&lost=0&retrans=0&sent_bytes=507193&recv_bytes=14824&delivery_rate=6654545&cwnd=155100&unsent_bytes=0&cid=417b8a9fe229e254&ts=338&x=1", cfHdrFlush;dur=11
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 comment-reply.min.js Show response
shells.systems/wp-includes/js/ 1 KB
1 KB 63ms
59ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/js/comment-reply.min.js?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"86d-436-577d80c351540"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F7hV5hA1o0rDQdsOvmY29qrm7iCDAml29ztx9WcsUmCi2GeH4ODx%2B6UO%2FASte0KZJUpTJpzQorxCbCYgB6JVbUDv1q%2B5HNe8Vs3GRdTdUEZ%2FFFLRoJJPbvinXVAUCK960Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b8592f1c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17510&sent=456&recv=88&lost=0&retrans=0&sent_bytes=507342&recv_bytes=15787&delivery_rate=1656138&cwnd=225900&unsent_bytes=0&cid=417b8a9fe229e254&ts=349&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Wed, 10 Oct 2018 04:11:25 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 main.js Show response
shells.systems/wp-content/themes/thesimplest/assets/js/ 10 KB
4 KB 77ms
73ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/js/main.js?ver=1.0
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"db1-2692-57dcbcca5d370"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pI%2FoFM4vKr0vL1BP8RTxGL%2FyAju7bFUVZYB3ml1wDnx9fHOfOGtgMKg7TR9fGrC7YdBlCAsiz5tH0Z0uCZPODWU2vM9SfyBkRKrxBeK3%2BwsmuOSM1J5tF%2BWdAoJGnHPUow%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b859371c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17510&sent=504&recv=88&lost=0&retrans=0&sent_bytes=562786&recv_bytes=15787&delivery_rate=1656138&cwnd=225900&unsent_bytes=0&cid=417b8a9fe229e254&ts=358&x=1", cfHdrFlush;dur=1
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 wp-embed.min.js Show response
shells.systems/wp-includes/js/ 1 KB
1 KB 77ms
74ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/js/wp-embed.min.js?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"95b-57b-577ec029723c0"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D4%2FylqKmflS6n1wher9EctBSJF9ogI%2Fk%2Bf0cUwU6txnZwUEO9pC5FzZ%2BDiCF%2FAFvUwAF4W0nMI%2BoHAieBunDHlUqQ9msI5bCNK3QQIw53JrNGR0HalB9EcNNkzWoyoHc2g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b889771c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17337&sent=674&recv=89&lost=0&retrans=0&sent_bytes=761442&recv_bytes=15833&delivery_rate=3620345&cwnd=254100&unsent_bytes=0&cid=417b8a9fe229e254&ts=369&x=1", cfHdrFlush;dur=2
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Thu, 11 Oct 2018 04:00:23 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 akismet-frontend.js Show response
shells.systems/wp-content/plugins/akismet/_inc/ 10 KB
4 KB 100ms
92ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1673961197
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"5f1-29ed-5f27576911bb4"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwgYtmTsNRY21QpC26OfJ4M7J%2FpqjcgVugKef3G7y4O2cgSjOfBQGZVmwTJ%2FcPjs8G%2FGycvWfY%2FN5rSwBriEO4GElz9zbKHfCvjTQR1R%2B0jM8Kdhsyk6iphfjXGQ8qc%2BYg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b8a9a91c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26276&sent=941&recv=105&lost=0&retrans=0&sent_bytes=1077967&recv_bytes=17885&delivery_rate=4840667&cwnd=363600&unsent_bytes=0&cid=417b8a9fe229e254&ts=395&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Tue, 17 Jan 2023 13:13:17 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 srs_simple_hits_counter_js.js Show response
shells.systems/wp-content/plugins/srs-simple-hits-counter/js/ 313 B
901 B 77ms
74ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/plugins/srs-simple-hits-counter/js/srs_simple_hits_counter_js.js?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f514bb9ec363b7d4bae0f0cac25105bc85cd0af1bf9cc2ea52bfed5090bc415

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"ff9-139-5e1c34717c24b"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Elg6SlNLjm2LctoovvwXdUY7XErhYpsJb9KXInbKQYnwA7ME5mqvg96rGdg3hDZHx4gliK05VNQtrAOnhVXPHD1yhh%2BfvExAGoi0fHQ%2FdDAHtzuHW0cGJkwvpBgyjFwlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b889791c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17337&sent=674&recv=89&lost=0&retrans=0&sent_bytes=761442&recv_bytes=15833&delivery_rate=3620345&cwnd=254100&unsent_bytes=0&cid=417b8a9fe229e254&ts=368&x=1", cfHdrFlush;dur=3
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Sun, 19 Jun 2022 01:55:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 wp-emoji-release.min.js Show response
shells.systems/wp-includes/js/ 12 KB
5 KB 103ms
96ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-includes/js/wp-emoji-release.min.js?ver=5.0.2
Requested by: Host: shells.systems
URL: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"9ed-2efa-577d80c351540"
age: 743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mQP54W6kqw%2FBPax6O1fNdnPhuZuvYjgo04U1zcC0sOyKsJ5mr%2FETMa7ku9ze1Hrp2RTV0M3qwfL1ESwMG1CpyXfm%2BoZIXng4Bpukt0Nd3pggXCwTraFtGU1EMgvfdN7vkg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b8a9ad1c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26276&sent=961&recv=105&lost=0&retrans=0&sent_bytes=1101967&recv_bytes=17885&delivery_rate=4840667&cwnd=363600&unsent_bytes=0&cid=417b8a9fe229e254&ts=396&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/javascript
last-modified: Wed, 10 Oct 2018 04:11:25 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 80ms
39ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 179094
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 19 Nov 2025 12:25:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 12:25:05 GMT
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7748
x-xss-protection: 0
server: sffe

GET
H3 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 69ms
30ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 204228
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 19 Nov 2025 05:26:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 19 Nov 2024 05:26:11 GMT
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7816
x-xss-protection: 0
server: sffe

GET
H3 200 fontawesome-webfont.woff2
shells.systems/wp-content/themes/thesimplest/assets/fonts/ 75 KB
76 KB 43ms
33ms Font
application/octet-stream 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/wp-content/themes/thesimplest/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: shells.systems
URL: https://shells.systems/wp-content/themes/thesimplest/assets/css/font-awesome.min.css?ver=4.7.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://shells.systems/wp-content/themes/thesimplest/assets/css/font-awesome.min.css?ver=4.7.0

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"da6-12d68-57dcbcca5cba0"
age: 650
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GArwX3JO2aITs%2BWyjzBz6zVQup%2FEuI7ISX%2FJZ04%2B7QOonV%2FeYWSyiGoX%2FGQX0AkWjZFbPBzlN2pp0dT74c6%2FB%2BBl6%2BxMQydB4gaMgxjFSw8WkZZqRrdacCHO2VxXRzBYcg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e6142b8c9d41c7a-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21912&sent=1110&recv=110&lost=0&retrans=0&sent_bytes=1276790&recv_bytes=18116&delivery_rate=12910995&cwnd=488400&unsent_bytes=0&cid=417b8a9fe229e254&ts=409&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/plain; charset=UTF-8
last-modified: Mon, 24 Dec 2018 22:05:48 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 78ms
40ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 241986
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 18:56:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 18:56:53 GMT
last-modified: Fri, 22 Mar 2024 00:00:57 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7824
x-xss-protection: 0
server: sffe

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 64ms
27ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 225177
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 23:37:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 23:37:02 GMT
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H3 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 66ms
28ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 80009
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:56:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:56:30 GMT
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8000
x-xss-protection: 0
server: sffe

GET
H3 200 EJRVQgYoZZY2vCFuvAFWzr8.woff2
fonts.gstatic.com/s/ptserif/v18/ 32 KB
32 KB 106ms
68ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 245605
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 17:56:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 17:56:34 GMT
last-modified: Tue, 02 May 2023 15:52:25 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33116
x-xss-protection: 0
server: sffe

GET
H3 200 EJRTQgYoZZY2vCFuvAFT_r21cg.woff2
fonts.gstatic.com/s/ptserif/v18/ 34 KB
34 KB 99ms
61ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRTQgYoZZY2vCFuvAFT_r21cg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

cb373bde18855c82a0ebf2946ea661ebd0be58a7fbabdf20f7744ecd9c0a9cfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 105566
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 08:50:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 08:50:33 GMT
last-modified: Tue, 02 May 2023 15:54:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34896
x-xss-protection: 0
server: sffe

GET
H3 200 EJRQQgYoZZY2vCFuvAFT9gaQZynfoA.woff2
fonts.gstatic.com/s/ptserif/v18/ 28 KB
28 KB 84ms
47ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRQQgYoZZY2vCFuvAFT9gaQZynfoA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

3cb3cfab3c562cbbb5a53accf433f65ed1cd0403ea3bdd6ceeb73bf87f23521c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 230089
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 18 Nov 2025 22:15:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 22:15:10 GMT
last-modified: Tue, 02 May 2023 15:35:09 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28516
x-xss-protection: 0
server: sffe

GET
H3 200 EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
fonts.gstatic.com/s/ptserif/v18/ 29 KB
29 KB 90ms
53ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shells.systems
Referer: https://fonts.googleapis.com/

Response headers

age: 81160
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:37:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:37:19 GMT
last-modified: Tue, 02 May 2023 15:28:35 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29588
x-xss-protection: 0
server: sffe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
94 KB 47ms
44ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F1S2RKZLFM&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38782884-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3dda14823a205e1f2c647aae118118b93589e49279774211d93244cfbf6c1ba9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 14:09:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96504
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 84ms
22ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38782884-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/

Response headers

content-encoding: gzip
age: 2393
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 15:30:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 13:30:06 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

POST
H3 200 admin-ajax.php Show response
shells.systems/wp-admin/ 1 B
812 B 90ms
88ms XHR
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shells.systems/wp-admin/admin-ajax.php?post_id=2486

Requested by

Host: shells.systems
URL: https://shells.systems/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.0.32

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-robots-tag: noindex
content-encoding: zstd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KheKX37NTEDRpi6d4QcAwSMeMEhqA%2BIYi0tDsH%2BXddZB3Cvg05t4%2BwjcG9LvNtvUZNd7ycwa2%2FJRkG7XyddIWNVJMzWo4g7fJ3q2gg%2BCOKmX2M2b0E3uli6JygScet43Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17324&sent=1179&recv=125&lost=0&retrans=0&sent_bytes=1356482&recv_bytes=19213&delivery_rate=17738974&cwnd=488400&unsent_bytes=0&cid=417b8a9fe229e254&ts=509&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, must-revalidate, max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e6142b91a1b1c7a-AMS
access-control-allow-origin: https://shells.systems
x-powered-by: PHP/7.0.32
server: cloudflare

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 53ms
19ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-F1S2RKZLFM&gtm=45je4bk0v9112320269za200&_p=1732198198955&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=60133422.1732198199&ul=nl-nl&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1732198199&sct=1&seg=0&dl=https%3A%2F%2Fshells.systems%2Fextracting-plaintext-credentials-from-palo-alto-global-protect%2F&dt=Extracting%20Plaintext%20Credentials%20from%20Palo%20Alto%20Global%20Protect%20-%20Shells.Systems&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=565
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F1S2RKZLFM&l=dataLayer&cx=c&gtm=457e4bk0za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://shells.systems
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
418 B 29ms
28ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=806934037&t=pageview&_s=1&dl=https%3A%2F%2Fshells.systems%2Fextracting-plaintext-credentials-from-palo-alto-global-protect%2F&ul=nl-nl&de=UTF-8&dt=Extracting%20Plaintext%20Credentials%20from%20Palo%20Alto%20Global%20Protect%20-%20Shells.Systems&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1573430441&gjid=1514253678&cid=60133422.1732198199&tid=UA-38782884-3&_gid=997587413.1732198199&_r=1&gtm=457e4bk0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&jsscut=1&npa=1&z=1867155722

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://shells.systems/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 14:09:59 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://shells.systems
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H3 200 favicon.ico
shells.systems/ 0
644 B 34ms
34ms Other
image/vnd.microsoft.icon 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.systems/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.0.32
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shells.systems/extracting-plaintext-credentials-from-palo-alto-global-protect/

Response headers

cf-cache-status: HIT
age: 644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXwBoHFm29ESHg7vt5wcuxmzvZ1NGWbSPQW%2F2k3Vzmmcnti0ug3cVhvw3I7EmAkwdLT95DMJPtYFvD85mQZzCjFiroHXvZA%2BcTlRsCkSA%2BFsRfBWOShnrtnOZle1Oj1Cqg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=17053&sent=1181&recv=127&lost=0&retrans=0&sent_bytes=1357343&recv_bytes=19773&delivery_rate=9163&cwnd=488400&unsent_bytes=0&cid=417b8a9fe229e254&ts=585&x=1", cfHdrFlush;dur=0
date: Thu, 21 Nov 2024 14:09:59 GMT
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 12:48:48 GMT
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e6142b9db3d1c7a-AMS
accept-ranges: bytes
content-length: 0
x-powered-by: PHP/7.0.32
server: cloudflare

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.shells.systems/	1969-12-31 23:59:59	Name: srs_unique_visitor Value: 1
.shells.systems/	1970-01-21 10:45:58	Name: _ga_F1S2RKZLFM Value: GS1.1.1732198199.1.0.1732198199.0.0.0
.shells.systems/	1970-01-21 10:45:58	Name: _ga Value: GA1.2.60133422.1732198199
.shells.systems/	1970-01-21 01:11:24	Name: _gid Value: GA1.2.997587413.1732198199
.shells.systems/	1970-01-21 01:09:58	Name: _gat_gtag_UA_38782884_3 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
shells.systems
www.google-analytics.com
www.googletagmanager.com
172.217.18.3
188.114.96.3
2001:4860:4802:32::36
2a00:1450:4001:806::200a
2a00:1450:4001:812::200e
2a00:1450:4001:81c::2008
0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc
1a0373aaefc3bca7ad940f2deb487b2e8fa7698d600b789c3a6386b3dc52dc73
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30
1f592c1248f3224a2adddaa84e9ec8c8e7ed7a7bcf0913e658534eeb1dd5fe00
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
2369253eaeda3714e2c072c88e885fd98c306ba91969426d5e16097c7203a2c4
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3cb3cfab3c562cbbb5a53accf433f65ed1cd0403ea3bdd6ceeb73bf87f23521c
3dda14823a205e1f2c647aae118118b93589e49279774211d93244cfbf6c1ba9
3ef0275dc708eca9fabf540df8c4a1098e6e32709fcf22c2eb1965a96908615b
40ad885140b3795af5b48cf0dc90fbefe173af6134cce9cc4036a404194c8c9e
4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4d63d26b0572a6eb07e36aab40c7ab9713eac017a67b3d22e76c4cc760699498
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527
57a96eb1ccacae26e452d6e147fb29ca8ca20ce183970a3a4fb5febf8662fcc7
5f514bb9ec363b7d4bae0f0cac25105bc85cd0af1bf9cc2ea52bfed5090bc415
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bfbf312334ef0de52fd3b309c112d7a681df41430e6b9cd0362bb82d02e9c6d
6d3b0ec121a3b624c37dd1d740817c7b37af528518397154e99bad261f19a15a
6fd23405a26cdb82b9043dacdb60714cb76812846fa3b546071fec3bf2f0b18a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8ca8a4feeb61ae9e7c5b6dc7a7918cf9c214c601be52f73231bb20cec8861c00
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
95cb6380cda6a2e745528816b3e8219cb2ba62611a0beb9fa765a8c787cbc296
9899e531840ff63de25c165502e93d34368f0dc92a3e320bf4c3a8a2d7e028b5
9dd3128f9e3b204b45d4c9978a9690da877e5ed01f459e21724bc119bfab8675
bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f
ca1dfcad1108ff8b71f22a462bf8348b6ff1335c1e0bb8de940ec067a2364bc5
cb373bde18855c82a0ebf2946ea661ebd0be58a7fbabdf20f7744ecd9c0a9cfd
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0099dffaf72267406eb1d9ce4262bbe16a536755ea7444ba3f05d85ebe35952
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

shells.systems Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

6 IPs

3 Countries

1651 kBTransfer

2381 kBSize

5 Cookies

3 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

shells.systems Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1651 kB
Transfer

2381 kB
Size

5
Cookies

45 HTTP transactions
0 data transactions