blog.erratasec.com Open in urlscan Pro
2a00:1450:4001:813::2013 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/Q1vfqkUzEc?amp=1
Effective URL:
https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html
Submission: On August 21 via manual (August 21st 2021, 7:59:50 pm UTC) from TR

Summary HTTP 56 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 56 HTTP transactions. The main IP is 2a00:1450:4001:813::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is blog.erratasec.com.
TLS certificate: Issued by GTS CA 1D4 on July 30th 2021. Valid for: 3 months.

This is the only time blog.erratasec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:4001:813::2013	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:830::2009	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
4	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	23.218.209.154 23.218.209.154	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
56	16

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

blog.erratasec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.blogger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
draft.blogger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
resources.blogblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.blogblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.209.154 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-154.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	blogspot.com 1.bp.blogspot.com 2.bp.blogspot.com 3.bp.blogspot.com 4.bp.blogspot.com	347 KB
8	blogger.com www.blogger.com draft.blogger.com	597 KB
7	blogblog.com resources.blogblog.com www.blogblog.com	2 KB
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
6	google.com apis.google.com	160 KB
3	addthis.com s7.addthis.com api-public.addthis.com	123 KB
2	facebook.net connect.facebook.net	70 KB
2	erratasec.com blog.erratasec.com	25 KB
1	facebook.com www.facebook.com	1 KB
1	gstatic.com www.gstatic.com	28 KB
1	addthisedge.com v1.addthisedge.com	207 B
1	moatads.com z.moatads.com	1 KB
1	googlesyndication.com pagead2.googlesyndication.com	595 B
1	t.co t.co	536 B
56	14

	Domain	Requested by
10	1.bp.blogspot.com	blog.erratasec.com
6	resources.blogblog.com	blog.erratasec.com draft.blogger.com
6	apis.google.com	blog.erratasec.com apis.google.com draft.blogger.com
5	www.blogger.com	blog.erratasec.com www.blogger.com
4	platform.twitter.com	s7.addthis.com platform.twitter.com
4	2.bp.blogspot.com	blog.erratasec.com
3	draft.blogger.com	blog.erratasec.com apis.google.com
2	syndication.twitter.com	platform.twitter.com blog.erratasec.com
2	connect.facebook.net	s7.addthis.com connect.facebook.net
2	s7.addthis.com	blog.erratasec.com s7.addthis.com
2	blog.erratasec.com	t.co blog.erratasec.com
1	www.facebook.com	connect.facebook.net
1	api-public.addthis.com	s7.addthis.com
1	www.gstatic.com	apis.google.com
1	v1.addthisedge.com	s7.addthis.com
1	4.bp.blogspot.com	blog.erratasec.com
1	z.moatads.com	s7.addthis.com
1	www.blogblog.com	blog.erratasec.com
1	pagead2.googlesyndication.com	blog.erratasec.com
1	3.bp.blogspot.com	blog.erratasec.com
1	t.co
56	21

This site contains links to these domains. Also see Links.

Domain
www.documentcloud.org
1.bp.blogspot.com
mmg-fna.whatsapp.net
www.google.com
www.iphonebackupextractor.com
sqlitebrowser.org
github.com
blog.filippo.io
en.wikipedia.org
tools.ietf.org
draft.blogger.com
pemapk.info
twitter.com
www.blogger.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
blog.erratasec.com GTS CA 1D4	`2021-07-30` - `2021-10-28`	3 months	crt.sh
*.blogger.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html
Frame ID: 9E7DB5D64276C1F0F57BBE941D2448E6
Requests: 49 HTTP requests in this frame

Frame: https://draft.blogger.com/navbar.g?targetBlogID=37798047&blogName=Errata+Security&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://blog.erratasec.com/search&blogLocale=en&v=2&homepageUrl=https://blog.erratasec.com/&targetPostID=3969761360561006160&blogPostOrPageUrl=https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html&vt=-7159743480124387686&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.4sn9RO63fqo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag%2Fm%3D__features__
Frame ID: FBA767FC19877775D6DF694B3C325453
Requests: 5 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fblog.erratasec.com
Frame ID: 1A0BE924C53EB32F298F4D8FDF1FC399
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Frame ID: 2C7797D7AC562FA26AF05E410CAEC3F0
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15199db33f463%26domain%3Dblog.erratasec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.erratasec.com%252Ff26805d496ed1dc%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fblog.erratasec.com%2F2020%2F01%2Fhow-to-decrypt-whatsapp-end-to-end.html&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: 2D4DB4C1BE8AE5CF98512E0444BD7F49
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Errata Security: How to decrypt WhatsApp end-to-end media files

Page URL History Show full URLs

https://t.co/Q1vfqkUzEc?amp=1 Page URL
https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html Page URL

Detected technologies

Blogger (Blogs) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Blogger$/i

Python (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Blogger$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

56
Requests

100 %
HTTPS

73 %
IPv6

14
Domains

21
Subdomains

16
IPs

2
Countries

1504 kB
Transfer

2658 kB
Size

3
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://www.documentcloud.org/documents/6668313-FTI-Report-into-Jeff-Bezos-Phone-Hack.html
Title: FTI report

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-lycQDNiJRa4/Xi9Nkx033II/AAAAAAAAGGY/s7kc9-ttV9URJ0221KJ26PFMEYfszqAsQCLcBGAsYHQ/s1600/hack-video-message.png

Search URL Search Domain Scan URL

URL: https://mmg-fna.whatsapp.net/d/f/AsnGB7gNh6Yw52MScbJyTRMo3NCmzMpesUIYyFmEZ0lR.enc
Title: https://mmg-fna.whatsapp.net/d/f/AsnGB7gNh6Yw52MScbJyTRMo3NCmzMpesUIYyFmEZ0lR.enc

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-4DYX6bGh0ao/Xi9RxkqiTMI/AAAAAAAAGGk/REU6NZDDLVsWBOpBIrG5r0CEi0H9fXonQCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-23%2Bat%2B4.39.39%2BPM.png

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-_vPwvAQVrIA/Xi9UOWFLjKI/AAAAAAAAGGw/6QhxJGNTULcjhCBawUEP8zs9nSA9NuBSACLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-27%2Bat%2B4.19.16%2BPM.png

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-wlwGO1iI4Wk/Xi9W2jks6PI/AAAAAAAAGG8/QNgoS8fVzO8kaq8Ux_1ajcIB8R6kwJlmgCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-27%2Bat%2B4.28.44%2BPM.png

Search URL Search Domain Scan URL

URL: https://www.google.com/search?q=7c7fba66680ef796b916b067077cc246adacf01d
Title: 7c7fba66680ef796b916b067077cc246adacf01d

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-R-C6--sCVbI/Xi9aRg0ilkI/AAAAAAAAGHU/0hKT4avt5b8C8pwibdvaHbnPJHhlS-NUwCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-27%2Bat%2B4.46.23%2BPM.png

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-xQ5V30s5QIg/Xi9YvPxvIWI/AAAAAAAAGHI/P9kbxvbJ9S8PXVnv_ZPLqJxIJ-O-FC_UQCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-27%2Bat%2B4.38.53%2BPM.png

Search URL Search Domain Scan URL

URL: https://www.iphonebackupextractor.com/
Title: iPhone Backup Extractor

Search URL Search Domain Scan URL

URL: https://sqlitebrowser.org/
Title: sqlitebrowser

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-_bMlhtWtR3o/Xi_f8P79BdI/AAAAAAAAGIE/o41u0U0ajEEWbhyZjqI_8i8cvNf6oe7jACLcBGAsYHQ/s1600/7c-pic.png

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-oGv1MWP7qJ8/Xi_g1HUeRtI/AAAAAAAAGIQ/4UVcwVBuZNoTh8gXtsEBOwleqFemnrJQgCLcBGAsYHQ/s1600/7c-blob.png

Search URL Search Domain Scan URL

URL: https://github.com/robertdavidgraham/ecb-penguin
Title: 1

Search URL Search Domain Scan URL

URL: https://blog.filippo.io/the-ecb-penguin/
Title: 2

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Title: 3

Search URL Search Domain Scan URL

URL: https://github.com/robertdavidgraham/whats-enc/blob/master/backend/whats-enc.py
Title: https://github.com/robertdavidgraham/whats-enc/blob/master/backend/whats-enc.py

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc5869
Title: HMAC Key Derivation Function

Search URL Search Domain Scan URL

URL: https://1.bp.blogspot.com/-ybw5bw2RcdA/Xi9qklPwgaI/AAAAAAAAGH4/MgM97IUBT3wUfPEqH3KP3I5fe8fcYyKyQCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-27%2Bat%2B5.55.57%2BPM.png

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/09879238874208877740
Title: Robert Graham

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/email-post.g?blogID=37798047&postID=3969761360561006160
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/post-edit.g?blogID=37798047&postID=3969761360561006160&from=pencil
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/14257138400092229495
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=5994020669382732549
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/06742760452319979615
Title: <img src="//4.bp.blogspot.com/_Twv-pozU1xs/SapAsf3GFhI/AAAAAAAAAZM/Wn5yfMuMSn8/S45-s35/Zibri.jpg" width="35" height="35" class="photo" alt="">

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=5189288359184285808
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=6748411731682301357
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/04608399533161957790
Title: <img src="//2.bp.blogspot.com/_yU_Us75lXjo/SorMYB9BleI/AAAAAAAAACc/n9aMa8GGZIQ/S45-s35/Cupcake_kid.png" width="35" height="35" class="photo" alt="">

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=7427255901742173333
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/12435543210768517499
Title:

Search URL Search Domain Scan URL

URL: https://pemapk.info/messenger-for-whatsapp/
Title: messaging for the WhatsApp

Search URL Search Domain Scan URL

URL: https://pemapk.info/whatsapp-app/
Title: Whatsapp

Search URL Search Domain Scan URL

URL: https://pemapk.info/
Title: Whatsapp web app download

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=9022286469475130205
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/profile/04448582896725355815
Title: <img src="//2.bp.blogspot.com/-gyK_vYxjWwo/YKJqYl7LleI/AAAAAAAABJw/N-doP0C_-XoyOzEiWl4OUTPDoPOqJIYGACK4BGAYYCw/s35/WhatsApp%25252BImage%25252B2021-05-17%25252Bat%25252B3.04.19%25252BAM.jpeg" width="35" height="35" class="photo" alt="">

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=566188494129660254
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/delete-comment.g?blogID=37798047&postID=7922717214123270612
Title:

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/comment.g?blogID=37798047&postID=3969761360561006160
Title: Post a Comment

Search URL Search Domain Scan URL

URL: http://twitter.com/erratarob
Title: Robert Graham (@ErrataRob)

Search URL Search Domain Scan URL

URL: https://twitter.com/dave_maynor
Title: David Maynor (@Dave_Maynor)

Search URL Search Domain Scan URL

URL: https://draft.blogger.com/
Title: Blogger

Search URL Search Domain Scan URL

URL: https://www.blogger.com/go/blogspot-cookies
Title: Weitere Informationen

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/Q1vfqkUzEc?amp=1 Page URL
https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Q1vfqkUzEc Show response
t.co/ 379 B
536 B 170ms
130ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/Q1vfqkUzEc?amp=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c083f66f0361f68bc111581eb1d8b85e6918d35d24454d2a7c52593d4421ed72

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /Q1vfqkUzEc?amp=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:31 GMT
vary: Origin
server: tsa_o
expires: Sat, 21 Aug 2021 20:04:32 GMT
set-cookie: muc=f5e78931-4cca-40c8-b3dd-bb6d833ab249; Max-Age=63072000; Expires=Mon, 21 Aug 2023 19:59:32 GMT; Domain=t.co; Secure; SameSite=None
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 220
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-connection-hash: 3e9f7b0845397265d5c70fb621a7fe19c96ba0922663cf21f6a959b484870fd3

GET
H2 200 Primary Request how-to-decrypt-whatsapp-end-to-end.html Show response
blog.erratasec.com/2020/01/ 94 KB
23 KB 155ms
110ms Document
text/html 2a00:1450:4001:813::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Requested by

Host: t.co
URL: https://t.co/Q1vfqkUzEc?amp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

733ba8a48338ce42fe10ae5b34fed372e0c1a758b37ff7c4c3012ee39a634a68

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.erratasec.com
:scheme: https
:path: /2020/01/how-to-decrypt-whatsapp-end-to-end.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://t.co/

Response headers

content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport
content-type: text/html; charset=UTF-8
expires: Sat, 21 Aug 2021 19:59:32 GMT
date: Sat, 21 Aug 2021 19:59:32 GMT
cache-control: private, max-age=0
last-modified: Thu, 19 Aug 2021 20:43:22 GMT
etag: W/"e16679fd7cab34332d61d1b74cca18a0f3e14804382a0abf49c8f8a9309ee53a"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22776
server: GSE

GET
H2 200 3822632116-css_bundle_v2.css
www.blogger.com/static/v1/widgets/ 36 KB
37 KB 27ms
7ms Stylesheet
text/css 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

224d95cce08108610c46ef4134793dbdd619e43e90e9d9cf42716a08f45222f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 09:07:05 GMT
x-content-type-options: nosniff
last-modified: Fri, 20 Aug 2021 19:55:25 GMT
server: sffe
age: 39147
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36990
x-xss-protection: 0
expires: Sun, 21 Aug 2022 09:07:05 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 54 KB
22 KB 46ms
27ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6390c8d956a7f64e65782ade728dd1c30881b91d6c155e8b00930277fd74bef

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NXEk/F0bhd3K36fyW9NjDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "d686fddac5457bf0de3b958d49856ad1"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-NXEk/F0bhd3K36fyW9NjDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Sat, 21 Aug 2021 19:59:32 GMT

GET
H2 200 hack-video-message.png
1.bp.blogspot.com/-lycQDNiJRa4/Xi9Nkx033II/AAAAAAAAGGY/s7kc9-ttV9URJ0221KJ26PFMEYfszqAsQCLcBGAsYHQ/s320/ 56 KB
56 KB 34ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-lycQDNiJRa4/Xi9Nkx033II/AAAAAAAAGGY/s7kc9-ttV9URJ0221KJ26PFMEYfszqAsQCLcBGAsYHQ/s320/hack-video-message.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

95879db129909d03d53436ba6ff3d0a52e6a947e492a77b374ed25e4bc05a28d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:50:55 GMT
x-content-type-options: nosniff
age: 517
content-disposition: inline;filename="hack-video-message.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57043
x-xss-protection: 0
server: fife
etag: "v1867"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:57:48 GMT

GET
H2 200 Screen%2BShot%2B2020-01-23%2Bat%2B4.39.39%2BPM.png
1.bp.blogspot.com/-4DYX6bGh0ao/Xi9RxkqiTMI/AAAAAAAAGGk/REU6NZDDLVsWBOpBIrG5r0CEi0H9fXonQCLcBGAsYHQ/s1600/ 77 KB
77 KB 40ms
13ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-4DYX6bGh0ao/Xi9RxkqiTMI/AAAAAAAAGGk/REU6NZDDLVsWBOpBIrG5r0CEi0H9fXonQCLcBGAsYHQ/s1600/Screen%2BShot%2B2020-01-23%2Bat%2B4.39.39%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fe6f03d1553e38dca44df8a82dc6a53cf06079c7f4703f426b6b647cbbdabe02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:50:58 GMT
x-content-type-options: nosniff
age: 514
content-disposition: inline;filename="Screen Shot 2020-01-23 at 4.39.39 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78430
x-xss-protection: 0
server: fife
etag: "v186a"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:57:47 GMT

GET
H2 200 Screen%2BShot%2B2020-01-27%2Bat%2B4.19.16%2BPM.png
1.bp.blogspot.com/-_vPwvAQVrIA/Xi9UOWFLjKI/AAAAAAAAGGw/6QhxJGNTULcjhCBawUEP8zs9nSA9NuBSACLcBGAsYHQ/s320/ 22 KB
22 KB 52ms
26ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-_vPwvAQVrIA/Xi9UOWFLjKI/AAAAAAAAGGw/6QhxJGNTULcjhCBawUEP8zs9nSA9NuBSACLcBGAsYHQ/s320/Screen%2BShot%2B2020-01-27%2Bat%2B4.19.16%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c1453e7cbb683d93dcf4906a7d99f2875ea12fc5bfb0e8746fcedc60dca7086b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screen Shot 2020-01-27 at 4.19.16 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22848
x-xss-protection: 0
server: fife
etag: "v186d"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:57:53 GMT

GET
H2 200 Screen%2BShot%2B2020-01-27%2Bat%2B4.28.44%2BPM.png
1.bp.blogspot.com/-wlwGO1iI4Wk/Xi9W2jks6PI/AAAAAAAAGG8/QNgoS8fVzO8kaq8Ux_1ajcIB8R6kwJlmgCLcBGAsYHQ/s320/ 38 KB
38 KB 53ms
27ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-wlwGO1iI4Wk/Xi9W2jks6PI/AAAAAAAAGG8/QNgoS8fVzO8kaq8Ux_1ajcIB8R6kwJlmgCLcBGAsYHQ/s320/Screen%2BShot%2B2020-01-27%2Bat%2B4.28.44%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

caba150f018d2e9c34bc63ecf5639126608f912927fde94968dc5e2f19a70d0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screen Shot 2020-01-27 at 4.28.44 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39101
x-xss-protection: 0
server: fife
etag: "v1870"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:57:53 GMT

GET
H2 200 Screen%2BShot%2B2020-01-27%2Bat%2B4.46.23%2BPM.png
1.bp.blogspot.com/-R-C6--sCVbI/Xi9aRg0ilkI/AAAAAAAAGHU/0hKT4avt5b8C8pwibdvaHbnPJHhlS-NUwCLcBGAsYHQ/s320/ 12 KB
12 KB 51ms
25ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-R-C6--sCVbI/Xi9aRg0ilkI/AAAAAAAAGHU/0hKT4avt5b8C8pwibdvaHbnPJHhlS-NUwCLcBGAsYHQ/s320/Screen%2BShot%2B2020-01-27%2Bat%2B4.46.23%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ccd422f2154432047d1fb2b16575ec6e7bb42387519d67b2c3d13ea8de2a3a4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screen Shot 2020-01-27 at 4.46.23 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12355
x-xss-protection: 0
server: fife
etag: "v1876"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:57:53 GMT

GET
H2 200 Screen%2BShot%2B2020-01-27%2Bat%2B4.38.53%2BPM.png
1.bp.blogspot.com/-xQ5V30s5QIg/Xi9YvPxvIWI/AAAAAAAAGHI/P9kbxvbJ9S8PXVnv_ZPLqJxIJ-O-FC_UQCLcBGAsYHQ/s320/ 44 KB
44 KB 55ms
29ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-xQ5V30s5QIg/Xi9YvPxvIWI/AAAAAAAAGHI/P9kbxvbJ9S8PXVnv_ZPLqJxIJ-O-FC_UQCLcBGAsYHQ/s320/Screen%2BShot%2B2020-01-27%2Bat%2B4.38.53%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ec31b6020b1d027ba51f2af32a0bf12b091f514336fc5a937dbab0ae2c69eb84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screen Shot 2020-01-27 at 4.38.53 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45073
x-xss-protection: 0
server: fife
etag: "v1873"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:58:02 GMT

GET
H3-29 200 7c-pic.png
1.bp.blogspot.com/-_bMlhtWtR3o/Xi_f8P79BdI/AAAAAAAAGIE/o41u0U0ajEEWbhyZjqI_8i8cvNf6oe7jACLcBGAsYHQ/s320/ 23 KB
23 KB 41ms
25ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-_bMlhtWtR3o/Xi_f8P79BdI/AAAAAAAAGIE/o41u0U0ajEEWbhyZjqI_8i8cvNf6oe7jACLcBGAsYHQ/s320/7c-pic.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c79202b46bff731d1952e8efbe1b6fc523359557b9c46daa0fef52a8b6fc8355

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="7c-pic.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23441
x-xss-protection: 0
server: fife
etag: "v1882"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:58:05 GMT

GET
H3-29 200 7c-blob.png
1.bp.blogspot.com/-oGv1MWP7qJ8/Xi_g1HUeRtI/AAAAAAAAGIQ/4UVcwVBuZNoTh8gXtsEBOwleqFemnrJQgCLcBGAsYHQ/s320/ 28 KB
28 KB 36ms
20ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-oGv1MWP7qJ8/Xi_g1HUeRtI/AAAAAAAAGIQ/4UVcwVBuZNoTh8gXtsEBOwleqFemnrJQgCLcBGAsYHQ/s320/7c-blob.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1c25935d13601c08b7ee1edc8f79f2330ab63b79732107f54453aba73ccf644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="7c-blob.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28349
x-xss-protection: 0
server: fife
etag: "v1885"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:58:05 GMT

GET
H2 200 authorization.css
draft.blogger.com/dyn-css/ 1 B
688 B 564ms
560ms Stylesheet
text/css 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://draft.blogger.com/dyn-css/authorization.css?targetBlogID=37798047&zx=831f9ef9-8f22-420a-a37b-de837306d512

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' .google.com .google-analytics.com 'unsafe-inline' 'unsafe-eval' .gstatic.com .googlesyndication.com .blogger.com .googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 21 Aug 2021 19:59:33 GMT
server: GSE
date: Sat, 21 Aug 2021 19:59:33 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/css; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Screen%2BShot%2B2020-01-27%2Bat%2B5.55.57%2BPM.png
1.bp.blogspot.com/-ybw5bw2RcdA/Xi9qklPwgaI/AAAAAAAAGH4/MgM97IUBT3wUfPEqH3KP3I5fe8fcYyKyQCLcBGAsYHQ/s320/ 16 KB
16 KB 35ms
18ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-ybw5bw2RcdA/Xi9qklPwgaI/AAAAAAAAGH4/MgM97IUBT3wUfPEqH3KP3I5fe8fcYyKyQCLcBGAsYHQ/s320/Screen%2BShot%2B2020-01-27%2Bat%2B5.55.57%2BPM.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

af016138580f07176148a1ea5af6d916c6e54d5238d035dae587acf40df2ba59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screen Shot 2020-01-27 at 5.55.57 PM.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16817
x-xss-protection: 0
server: fife
etag: "v187f"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 20 Aug 2021 19:58:07 GMT

GET
H2 200 icon18_email.gif
resources.blogblog.com/img/ 164 B
301 B 9ms
7ms Image
image/gif 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/icon18_email.gif

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 04:30:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 Aug 2021 02:52:49 GMT
server: sffe
age: 401313
content-type: image/gif
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164
x-xss-protection: 0
expires: Tue, 24 Aug 2021 04:30:59 GMT

GET
H2 200 icon18_edit_allbkg.gif
resources.blogblog.com/img/ 162 B
343 B 10ms
7ms Image
image/gif 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/icon18_edit_allbkg.gif

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 11:24:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 Aug 2021 02:52:49 GMT
server: sffe
age: 376511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/blogger-tech
content-type: image/gif
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:24:21 GMT

GET
H3-29 200 blogger_logo_round_35.png
www.blogger.com/img/ 2 KB
2 KB 34ms
20ms Image
image/png 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogger.com/img/blogger_logo_round_35.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 09:50:43 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Aug 2021 11:54:09 GMT
server: sffe
age: 382129
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2531
x-xss-protection: 0
expires: Tue, 24 Aug 2021 09:50:43 GMT

GET
H2 200 icon_delete13.gif
resources.blogblog.com/img/ 140 B
251 B 10ms
7ms Image
image/gif 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/icon_delete13.gif

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69ff07a31a102649f3e0d08a967c39b134286293b85aac0885b3102a9120f1a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 02:25:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Aug 2021 13:56:43 GMT
server: sffe
age: 236038
content-type: image/gif
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
expires: Thu, 26 Aug 2021 02:25:34 GMT

GET
H3-29 200 blank.gif
resources.blogblog.com/img/ 43 B
63 B 24ms
9ms Image
image/gif 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/blank.gif

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 18:29:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Aug 2021 06:53:47 GMT
server: sffe
age: 437425
content-type: image/gif
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:29:07 GMT

GET
H2 200 Screenshot%2B2017-06-05%2B21.38.05.png
2.bp.blogspot.com/-M5wdjjs4Ttw/WTYIYAMuuFI/AAAAAAAAEoI/FOyktJRGWCsCT1beLGdlkPEkyWLDtCpMwCEw/w72-h72-p-k-no-nu/ 7 KB
7 KB 33ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/-M5wdjjs4Ttw/WTYIYAMuuFI/AAAAAAAAEoI/FOyktJRGWCsCT1beLGdlkPEkyWLDtCpMwCEw/w72-h72-p-k-no-nu/Screenshot%2B2017-06-05%2B21.38.05.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a60f4d2c408b2196aa0546fad2891e2822ba2b72c1da4e3aca734035a380bef4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 17:17:11 GMT
x-content-type-options: nosniff
age: 9741
content-disposition: inline;filename="Screenshot 2017-06-05 21.38.05.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7014
x-xss-protection: 0
server: fife
etag: "v1283"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 06 Jul 2021 21:24:01 GMT

GET
H2 200 super-vs.png
2.bp.blogspot.com/-u0pWAsOzcrw/VOX97ThEUwI/AAAAAAAAClk/bUBwM3ukfx0/w72-h72-p-k-no-nu/ 4 KB
4 KB 34ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/-u0pWAsOzcrw/VOX97ThEUwI/AAAAAAAAClk/bUBwM3ukfx0/w72-h72-p-k-no-nu/super-vs.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5bbdcb3c178f8a6a92cbac41908c8388d88161ada291edb4a5b8174ee7f92730

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 17:17:11 GMT
x-content-type-options: nosniff
age: 9741
content-disposition: inline;filename="super-vs.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3926
x-xss-protection: 0
server: fife
etag: "va5a"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 07 Jul 2021 05:31:37 GMT

GET
H2 200 Screenshot%2B2014-09-24%2B18.31.52.png
3.bp.blogspot.com/-JSBVXzY2Zck/VCNRdCT7-sI/AAAAAAAACXk/uktQQtthjz0/w72-h72-p-k-no-nu/ 6 KB
7 KB 38ms
17ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3.bp.blogspot.com/-JSBVXzY2Zck/VCNRdCT7-sI/AAAAAAAACXk/uktQQtthjz0/w72-h72-p-k-no-nu/Screenshot%2B2014-09-24%2B18.31.52.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c3d305eedb2ad56288e406360047ee0309f08026a41a0ce365242f0f14c6a9e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Screenshot 2014-09-24 18.31.52.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: fife
etag: "v97a"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 26 Jul 2021 12:56:06 GMT

GET
H3-29 200 gpu-cracking.png
1.bp.blogspot.com/-GfQqMqR-KuY/T8-11ki9tmI/AAAAAAAAAm0/xc_bgnIaU-Y/w72-h72-p-k-no-nu/ 8 KB
8 KB 38ms
22ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-GfQqMqR-KuY/T8-11ki9tmI/AAAAAAAAAm0/xc_bgnIaU-Y/w72-h72-p-k-no-nu/gpu-cracking.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5ef4d06895c88f7c27e53d0b36504cfd8b34be8ade7bedd668bdfc885c8885f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="gpu-cracking.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8032
x-xss-protection: 0
server: fife
etag: "v26d"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 21 Jul 2021 05:46:52 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 69ms
24ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
date: Sat, 21 Aug 2021 19:59:32 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 cookienotice.js Show response
blog.erratasec.com/js/ 6 KB
2 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.erratasec.com/js/cookienotice.js

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /js/cookienotice.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.erratasec.com
referer: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/blogger-tech
last-modified: Sat, 21 Aug 2021 17:53:12 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Sat, 28 Aug 2021 19:59:32 GMT

GET
H3-29 200 296009378-widgets.js Show response
www.blogger.com/static/v1/widgets/ 147 KB
147 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/296009378-widgets.js

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57e3c95ad821e333338d9e6df4c624e2755e367faba918f70e45d5c9eaab757c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 10:11:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 20 Aug 2021 06:54:38 GMT
server: sffe
age: 35310
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 150652
x-xss-protection: 0
expires: Sun, 21 Aug 2022 10:11:02 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/ 149 KB
51 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_0?le=ili,ipu

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1157556a79b9b9ed1f42f16a1b72326d21a57cf5efcef8c4d3b54264d2d4b94c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 11:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52298
x-xss-protection: 0
last-modified: Wed, 07 Jul 2021 13:43:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Aug 2022 11:54:35 GMT

GET
H3-29 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/ 52 KB
17 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_1?le=ili,ipu

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f95f005a92729b9f36baaf6949aa4e7de52171828afdc8b688054c91c922ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 00:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16965
x-xss-protection: 0
last-modified: Wed, 07 Jul 2021 13:43:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Aug 2022 00:10:39 GMT

GET
H2 200 google_top_exp.js Show response
pagead2.googlesyndication.com/pagead/js/ 47 B
595 B 26ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/google_top_exp.js

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 02:12:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64023
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
server: cafe
etag: 13036835877489095579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 02:12:29 GMT

GET
H2 200 tabs_gradient_light.png
www.blogblog.com/1kt/awesomeinc/ 182 B
301 B 11ms
6ms Image
image/png 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogblog.com/1kt/awesomeinc/tabs_gradient_light.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e516df49b160c3efcb1ea09dd4c5f5b7c99a23a18a2a882acc379179bdbaacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 02:34:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Aug 2021 11:51:39 GMT
server: sffe
age: 235526
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 182
x-xss-protection: 0
expires: Thu, 26 Aug 2021 02:34:06 GMT

GET
H2 200 navbar.g Show response
draft.blogger.com/ Frame FBA7 7 KB
3 KB 519ms
518ms Document
text/html 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://draft.blogger.com/navbar.g?targetBlogID=37798047&blogName=Errata+Security&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://blog.erratasec.com/search&blogLocale=en&v=2&homepageUrl=https://blog.erratasec.com/&targetPostID=3969761360561006160&blogPostOrPageUrl=https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html&vt=-7159743480124387686&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.4sn9RO63fqo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_0?le=ili,ipu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bf0fcc267881f365755bdf06128efad8a27031b981953514abd23695f9b6d99a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' .google.com .google-analytics.com 'unsafe-inline' 'unsafe-eval' .gstatic.com .googlesyndication.com .blogger.com .googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: draft.blogger.com
:scheme: https
:path: /navbar.g?targetBlogID=37798047&blogName=Errata+Security&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://blog.erratasec.com/search&blogLocale=en&v=2&homepageUrl=https://blog.erratasec.com/&targetPostID=3969761360561006160&blogPostOrPageUrl=https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html&vt=-7159743480124387686&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.4sn9RO63fqo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.erratasec.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.erratasec.com/

Response headers

p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 21 Aug 2021 19:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2643
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 65ms
22ms Script
application/x-javascript 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: B402EDC6F7271ED7
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=44493
accept-ranges: bytes
content-length: 948
x-amz-id-2: 3ZiQcYtRTuh4WJ4BUq+mWoVqgQk4EdHwIkUrSZre2GxPFo/4IUZsv5aBqLknQUvSl0wjR3iM+HQ=

GET
H2 200 Zibri.jpg
4.bp.blogspot.com/_Twv-pozU1xs/SapAsf3GFhI/AAAAAAAAAZM/Wn5yfMuMSn8/S45-s35/ 1 KB
2 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://4.bp.blogspot.com/_Twv-pozU1xs/SapAsf3GFhI/AAAAAAAAAZM/Wn5yfMuMSn8/S45-s35/Zibri.jpg

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0c7ccf06d2d4d60a6e274843f09bf1c28d52cee5e355d726eeacc08e089d7ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:51:30 GMT
x-content-type-options: nosniff
age: 482
content-disposition: inline;filename="Zibri.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1501
x-xss-protection: 0
server: fife
etag: "v193"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 22 Aug 2021 19:51:30 GMT

GET
H3-29 404 Cupcake_kid.png
2.bp.blogspot.com/_yU_Us75lXjo/SorMYB9BleI/AAAAAAAAACc/n9aMa8GGZIQ/S45-s35/ 690 B
708 B 159ms
145ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/_yU_Us75lXjo/SorMYB9BleI/AAAAAAAAACc/n9aMa8GGZIQ/S45-s35/Cupcake_kid.png

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

165b6c045f9bbd15dc99de234b12f4c3ee00f66ce88f4866e7d7627c2fdc61a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
x-content-type-options: nosniff
server: fife
content-type: image/png
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 690
x-xss-protection: 0

GET
H3-29 200 WhatsApp%25252BImage%25252B2021-05-17%25252Bat%25252B3.04.19%25252BAM.jpeg
2.bp.blogspot.com/-gyK_vYxjWwo/YKJqYl7LleI/AAAAAAAABJw/N-doP0C_-XoyOzEiWl4OUTPDoPOqJIYGACK4BGAYYCw/s35/ 1 KB
1 KB 21ms
7ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/-gyK_vYxjWwo/YKJqYl7LleI/AAAAAAAABJw/N-doP0C_-XoyOzEiWl4OUTPDoPOqJIYGACK4BGAYYCw/s35/WhatsApp%25252BImage%25252B2021-05-17%25252Bat%25252B3.04.19%25252BAM.jpeg

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e4ad2ec611e865df7a3911c2ece15e8377bd6d5aa78a7cd2cb7bdfa483194d08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:03:23 GMT
x-content-type-options: nosniff
age: 3369
content-disposition: inline;filename="WhatsApp%2BImage%2B2021-05-17%2Bat%2B3.04.19%2BAM.jpeg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: fife
etag: "v49f"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 11 Jul 2021 20:25:57 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-519a9f42435967aa/ 27 B
207 B 199ms
198ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-519a9f42435967aa/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
content-encoding: gzip
content-disposition: attachment; filename=1.txt
cache-control: public, max-age=55, s-maxage=86400
content-length: 47
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8

GET
H3-29 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/ 26 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_2?le=ili,ipu

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19f4591137c134f1b96dd0b2e2574b4c558b7a9c431ee264730b81b60753c814

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 22:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 249798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9064
x-xss-protection: 0
last-modified: Wed, 07 Jul 2021 13:43:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 22:36:14 GMT

GET
H2 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 78 KB
28 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_2?le=ili,ipu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f18321d5489b77b1d0b8cb7f667c411a6c6e2965d2eaebd6d5f19b94ad6294c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:23:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2172
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28324
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 19:45:45 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sat, 21 Aug 2021 20:13:20 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1ee20defc05629052a4dbad29199fc0ce689021b5d3b03fcc775a93a71bf26a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 3/wWpDl22WCuImRy2W+Qrg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: dDxc0vHdQRCVQgg5CLUk63GkEJKIpEf1bp/ufguvnwKr0nNoKBZCh+qdN6gROBBg+g5AfOl0pZBg/9spCsNMjQ==
x-fb-trip-id: 2050670934
x-fb-content-md5: b456b7096bdcc10c188a0919c4db3299
x-frame-options: DENY
date: Sat, 21 Aug 2021 19:59:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "bf0772eb0a0765893d4c77648b64e758"
timing-allow-origin: *
expires: Sat, 21 Aug 2021 20:10:04 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 25ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 19:59:32 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Aug 2021 20:34:57 GMT
Server: ECS (frb/67BA)
Age: 790
Etag: "d405b816322f9770c70cbd10cfa87be4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28872

GET
H2 200 counter.d27508c102582d608697.js Show response
s7.addthis.com/static/ 24 KB
8 KB 27ms
27ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/counter.d27508c102582d608697.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5fd2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Sat, 21 Aug 2021 19:59:32 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 8265

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 235 KB
68 KB 13ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3f7567cdc5928c9906772a8c73b7da7a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e356e888e5635b7dfbd8542236e640408f88924f049a6b811b322fc9d60bf14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://blog.erratasec.com
Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 3JY3Mw3NHqystCgqyUs22g==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69728
x-fb-rlafr: 0
x-fb-debug: ZxjnJQMOi50qXBLDLDwBuujCHwFgSmEwlCydiUZ/fXa4PvTnj6vaBb4QjPEILLddT5yNinOSVhZ0H2gtDmlBhw==
x-fb-content-md5: 0dec0a2ac92e85bf678b31a9bf36f365
x-frame-options: DENY
date: Sat, 21 Aug 2021 19:59:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "34df35c3597c116ba321e52c36c74503"
timing-allow-origin: *
priority: u=3,i
expires: Sun, 21 Aug 2022 18:39:44 GMT

GET
H/1.1 200
OK widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html Show response
platform.twitter.com/widgets/ Frame 1A0B 319 KB
103 KB 7ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fblog.erratasec.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.erratasec.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.erratasec.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 260455
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 21 Aug 2021 19:59:32 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:53 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6711)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 89 B
364 B 60ms
59ms Script
application/json 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fblog.erratasec.com%2F2020%2F01%2Fhow-to-decrypt-whatsapp-end-to-end.html&callback=_ate.cbs.sc_httpsblogerrataseccom202001howtodecryptwhatsappendtoendhtml0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

286deb2df43ac6be1f5433105a38541f1ecde8a0be772f2879735c293f9d1693

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html
last-modified: Sat, 21 Aug 2021 19:38:14 GMT
server: nginx/1.15.8
date: Sat, 21 Aug 2021 19:59:32 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 101

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1A0B 232 B
431 B 173ms
133ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=27831794175cb974f80911fee50e49641ff2bdae

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fblog.erratasec.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:32 GMT
content-encoding: gzip
last-modified: Sat, 21 Aug 2021 19:59:33 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: d933562c55f221aeb112e22875c9a5304e7f6984d673e74e6ea5bacfc5c6e84c
content-length: 166

GET
DATA 200
OK truncated
/ 171 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 937 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 authorization.css
draft.blogger.com/dyn-css/ 1 B
43 B 565ms
565ms Stylesheet
text/css 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://draft.blogger.com/dyn-css/authorization.css?targetBlogID=37798047&zx=831f9ef9-8f22-420a-a37b-de837306d512

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' .google.com .google-analytics.com 'unsafe-inline' 'unsafe-eval' .gstatic.com .googlesyndication.com .blogger.com .googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 21 Aug 2021 19:59:33 GMT
server: GSE
date: Sat, 21 Aug 2021 19:59:33 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/css; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK button.5d16ecc02fbaf599a24dfb57ab239320.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5d16ecc02fbaf599a24dfb57ab239320.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 3ee8351e156e2e80d99018a585c18c0dbd9098e3bea84a131d8cbad1ec72c81e

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 19:59:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Aug 2021 20:33:39 GMT
Server: ECS (frb/67BA)
Age: 260459
Etag: "6b95f5a9a2ff4b885e2eafdf446d70d0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2296

GET
H3-29 200 platform:gapi.iframes.style.common.js Show response
apis.google.com/js/ Frame FBA7 54 KB
21 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform:gapi.iframes.style.common.js

Requested by

Host: draft.blogger.com
URL: https://draft.blogger.com/navbar.g?targetBlogID=37798047&blogName=Errata+Security&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://blog.erratasec.com/search&blogLocale=en&v=2&homepageUrl=https://blog.erratasec.com/&targetPostID=3969761360561006160&blogPostOrPageUrl=https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html&vt=-7159743480124387686&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.4sn9RO63fqo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag%2Fm%3D__features__

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9d5633180a7f26a2eeb150f9732519860904802b8363c269f862bdd58c2a07f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/zMZ/SYoZCSjKs32uOR5EQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://draft.blogger.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "fdb2c551de92b03dcad2e3dd2540207a"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-/zMZ/SYoZCSjKs32uOR5EQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Sat, 21 Aug 2021 19:59:33 GMT

GET
H/1.1 200
OK tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html Show response
platform.twitter.com/widgets/ Frame 2C77 32 KB
12 KB 7ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 06b34901b9ee1d57c9e0a37a7665c7aa77f6ab8b884cda5e8caad1c3f8b8c639

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.erratasec.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.erratasec.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 260459
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 21 Aug 2021 19:59:33 GMT
Etag: "909c8b457796b3e08dbae7ea22074354+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:46 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12257

GET
H3-29 200 icons_peach.png
resources.blogblog.com/img/navbar/ Frame FBA7 907 B
929 B 7ms
6ms Image
image/png 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/navbar/icons_peach.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72be8098b87d7e2d7fbc6eb0a3eaebcf1013186d7733cd340549f9e1701a4865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://draft.blogger.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 23:20:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Aug 2021 21:55:49 GMT
server: sffe
age: 419922
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/blogger-tech
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 907
x-xss-protection: 0
expires: Mon, 23 Aug 2021 23:20:51 GMT

GET
H3-29 200 arrows-light.png
resources.blogblog.com/img/navbar/ Frame FBA7 117 B
138 B 7ms
7ms Image
image/png 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.blogblog.com/img/navbar/arrows-light.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb6685107846b4c25384202730b84ec168fecee197e5f9e3fe8ffdd5bed6749d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://draft.blogger.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 01:12:54 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Aug 2021 21:55:49 GMT
server: sffe
age: 413199
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117
x-xss-protection: 0
expires: Tue, 24 Aug 2021 01:12:54 GMT

GET
DATA 200
OK truncated
/ Frame 2C77 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/ Frame FBA7 125 KB
41 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_0?le=ili,ipu

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform:gapi.iframes.style.common.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d0d9d085dd67a5433f67110f9cec09f5a7fbb704aebc6f9b8f26247da253a5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://draft.blogger.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 17:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41988
x-xss-protection: 0
last-modified: Wed, 07 Jul 2021 13:43:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Aug 2022 17:41:28 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
352 B 127ms
127ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.erratasec.com%2F2020%2F01%2Fhow-to-decrypt-whatsapp-end-to-end.html%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1629575973278%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%221890d59c%3A1627936082797%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: blog.erratasec.com
URL: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 19:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 21 Aug 2021 19:59:33 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d933562c55f221aeb112e22875c9a5304e7f6984d673e74e6ea5bacfc5c6e84c
x-transaction: 1df7da14c37b3d7e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 4076883957-lightbox_bundle.css
www.blogger.com/static/v1/v-css/ 35 KB
35 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/v-css/4076883957-lightbox_bundle.css

Requested by

Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/296009378-widgets.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b36420078eff98260683e049cf2ecc27adaa071e10ca528fc3dab786592782cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 19 Aug 2021 02:33:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:54:12 GMT
server: sffe
age: 235575
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35768
x-xss-protection: 0
expires: Fri, 19 Aug 2022 02:33:18 GMT

GET
H2 200 like.php Show response
www.facebook.com/v2.6/plugins/ Frame 2D4D 0
1 KB 122ms
109ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15199db33f463%26domain%3Dblog.erratasec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.erratasec.com%252Ff26805d496ed1dc%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fblog.erratasec.com%2F2020%2F01%2Fhow-to-decrypt-whatsapp-end-to-end.html&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=3f7567cdc5928c9906772a8c73b7da7a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15199db33f463%26domain%3Dblog.erratasec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.erratasec.com%252Ff26805d496ed1dc%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fblog.erratasec.com%2F2020%2F01%2Fhow-to-decrypt-whatsapp-end-to-end.html&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.erratasec.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.erratasec.com/

Response headers

content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info *.atdmt.com blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com fbsbx.com *.atdmt.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: iDzqKQUw5GAhKq/sZpe9RglOeTKM14w8E7dcoqtpEocUcwpXadafHKfFlLYCxlf2E2NT/9DdR4/v6mrvagyhNw==
content-length: 0
date: Sat, 21 Aug 2021 19:59:33 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 1787217527-lbx.js Show response
www.blogger.com/static/v1/jsbin/ 372 KB
373 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/jsbin/1787217527-lbx.js

Requested by

Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/296009378-widgets.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

964867a7d8e77f61538789ae5ffd36af190845825f209e81cbc10d1648b97cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.erratasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 20 Aug 2021 02:05:20 GMT
x-content-type-options: nosniff
last-modified: Fri, 20 Aug 2021 01:00:39 GMT
server: sffe
age: 150853
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 381407
x-xss-protection: 0
expires: Sat, 20 Aug 2022 02:05:20 GMT

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.erratasec.com/	1970-01-20 06:09:50	Name: __atssc Value: twitter%3B1
blog.erratasec.com/	1970-01-19 20:39:37	Name: __atuvs Value: 61215b2401e0eebe000
blog.erratasec.com/	1970-01-20 06:09:50	Name: __atuvc Value: 1%7C33

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
2.bp.blogspot.com
3.bp.blogspot.com
4.bp.blogspot.com
api-public.addthis.com
apis.google.com
blog.erratasec.com
connect.facebook.net
draft.blogger.com
pagead2.googlesyndication.com
platform.twitter.com
resources.blogblog.com
s7.addthis.com
syndication.twitter.com
t.co
v1.addthisedge.com
www.blogblog.com
www.blogger.com
www.facebook.com
www.gstatic.com
z.moatads.com
104.244.42.133
104.244.42.200
184.30.24.121
23.218.209.154
2606:2800:234:46c:e8b:1e2f:2bd:694
2a00:1450:4001:808::2001
2a00:1450:4001:809::200e
2a00:1450:4001:810::2002
2a00:1450:4001:813::2013
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2009
2a00:1450:4001:831::2003
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
06b34901b9ee1d57c9e0a37a7665c7aa77f6ab8b884cda5e8caad1c3f8b8c639
0c7ccf06d2d4d60a6e274843f09bf1c28d52cee5e355d726eeacc08e089d7ef1
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6
0e356e888e5635b7dfbd8542236e640408f88924f049a6b811b322fc9d60bf14
1157556a79b9b9ed1f42f16a1b72326d21a57cf5efcef8c4d3b54264d2d4b94c
1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
165b6c045f9bbd15dc99de234b12f4c3ee00f66ce88f4866e7d7627c2fdc61a7
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836
19f4591137c134f1b96dd0b2e2574b4c558b7a9c431ee264730b81b60753c814
1c25935d13601c08b7ee1edc8f79f2330ab63b79732107f54453aba73ccf644c
1ee20defc05629052a4dbad29199fc0ce689021b5d3b03fcc775a93a71bf26a3
224d95cce08108610c46ef4134793dbdd619e43e90e9d9cf42716a08f45222f9
286deb2df43ac6be1f5433105a38541f1ecde8a0be772f2879735c293f9d1693
3ee8351e156e2e80d99018a585c18c0dbd9098e3bea84a131d8cbad1ec72c81e
57e3c95ad821e333338d9e6df4c624e2755e367faba918f70e45d5c9eaab757c
5bbdcb3c178f8a6a92cbac41908c8388d88161ada291edb4a5b8174ee7f92730
5e516df49b160c3efcb1ea09dd4c5f5b7c99a23a18a2a882acc379179bdbaacd
5ef4d06895c88f7c27e53d0b36504cfd8b34be8ade7bedd668bdfc885c8885f4
69ff07a31a102649f3e0d08a967c39b134286293b85aac0885b3102a9120f1a6
6d0d9d085dd67a5433f67110f9cec09f5a7fbb704aebc6f9b8f26247da253a5e
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
72be8098b87d7e2d7fbc6eb0a3eaebcf1013186d7733cd340549f9e1701a4865
733ba8a48338ce42fe10ae5b34fed372e0c1a758b37ff7c4c3012ee39a634a68
7f95f005a92729b9f36baaf6949aa4e7de52171828afdc8b688054c91c922ae2
8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18
95879db129909d03d53436ba6ff3d0a52e6a947e492a77b374ed25e4bc05a28d
964867a7d8e77f61538789ae5ffd36af190845825f209e81cbc10d1648b97cb6
a60f4d2c408b2196aa0546fad2891e2822ba2b72c1da4e3aca734035a380bef4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
af016138580f07176148a1ea5af6d916c6e54d5238d035dae587acf40df2ba59
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b36420078eff98260683e049cf2ecc27adaa071e10ca528fc3dab786592782cc
bb6685107846b4c25384202730b84ec168fecee197e5f9e3fe8ffdd5bed6749d
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf0fcc267881f365755bdf06128efad8a27031b981953514abd23695f9b6d99a
c083f66f0361f68bc111581eb1d8b85e6918d35d24454d2a7c52593d4421ed72
c1453e7cbb683d93dcf4906a7d99f2875ea12fc5bfb0e8746fcedc60dca7086b
c3d305eedb2ad56288e406360047ee0309f08026a41a0ce365242f0f14c6a9e7
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c79202b46bff731d1952e8efbe1b6fc523359557b9c46daa0fef52a8b6fc8355
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
caba150f018d2e9c34bc63ecf5639126608f912927fde94968dc5e2f19a70d0c
ccd422f2154432047d1fb2b16575ec6e7bb42387519d67b2c3d13ea8de2a3a4e
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
d9d5633180a7f26a2eeb150f9732519860904802b8363c269f862bdd58c2a07f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ad2ec611e865df7a3911c2ece15e8377bd6d5aa78a7cd2cb7bdfa483194d08
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
ec31b6020b1d027ba51f2af32a0bf12b091f514336fc5a937dbab0ae2c69eb84
f18321d5489b77b1d0b8cb7f667c411a6c6e2965d2eaebd6d5f19b94ad6294c4
f6390c8d956a7f64e65782ade728dd1c30881b91d6c155e8b00930277fd74bef
fe6f03d1553e38dca44df8a82dc6a53cf06079c7f4703f426b6b647cbbdabe02

blog.erratasec.com Open in urlscan Pro 2a00:1450:4001:813::2013 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

100 %HTTPS

73 %IPv6

14 Domains

21 Subdomains

16 IPs

2 Countries

1504 kBTransfer

2658 kBSize

3 Cookies

42 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.erratasec.com Open in urlscan Pro
2a00:1450:4001:813::2013 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

100 %
HTTPS

73 %
IPv6

14
Domains

21
Subdomains

16
IPs

2
Countries

1504 kB
Transfer

2658 kB
Size

3
Cookies

56 HTTP transactions
3 data transactions