kienmanowar.wordpress.com Open in urlscan Pro
192.0.78.12 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Submission: On April 04 via manual (April 4th 2024, 9:36:05 am UTC) from PL — Scanned from PL

Summary HTTP 86 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 86 HTTP transactions. The main IP is 192.0.78.12, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is kienmanowar.wordpress.com.
TLS certificate: Issued by Sectigo ECC Domain Validation Secure ... on December 5th 2023. Valid for: a year.

This is the only time kienmanowar.wordpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	192.0.78.12 192.0.78.12	2635 (AUTOMATTIC) (AUTOMATTIC)
47	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.79.33 192.0.79.33	2635 (AUTOMATTIC) (AUTOMATTIC)
1	18.245.31.113 18.245.31.113	16509 (AMAZON-02) (AMAZON-02)
5	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
6	192.0.123.248 192.0.123.248	2635 (AUTOMATTIC) (AUTOMATTIC)
5	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	34.249.45.164 34.249.45.164	16509 (AMAZON-02) (AMAZON-02)
1 1	157.240.253.13 157.240.253.13	32934 (FACEBOOK) (FACEBOOK)
1	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
1	192.0.72.22 192.0.72.22	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
86	12

9 192.0.78.12 (San Francisco, United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

kienmanowar.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.79.33 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s-ssl.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.31.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-113.fra56.r.cloudfront.net

img.photobucket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.123.248 (Los Angeles, United States)

ASN2635 (AUTOMATTIC, US)
PTR: polldaddy.com

polldaddy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.45.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-45-164.eu-west-1.compute.amazonaws.com

s.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.253.13 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-fra5.facebook.com

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

platform-lookaside.fbsbx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.72.22 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

thisweekin4n6.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	wp.com s0.wp.com — Cisco Umbrella Rank: 8636 widgets.wp.com — Cisco Umbrella Rank: 11945 stats.wp.com — Cisco Umbrella Rank: 2852 fonts-api.wp.com — Cisco Umbrella Rank: 18062 fonts.wp.com — Cisco Umbrella Rank: 18805 pixel.wp.com — Cisco Umbrella Rank: 2813	840 KB
12	wordpress.com 1 redirects kienmanowar.wordpress.com s-ssl.wordpress.com — Cisco Umbrella Rank: 292908 thisweekin4n6.files.wordpress.com public-api.wordpress.com — Cisco Umbrella Rank: 10178	97 KB
6	polldaddy.com polldaddy.com — Cisco Umbrella Rank: 39979	11 KB
5	gravatar.com 0.gravatar.com — Cisco Umbrella Rank: 9309 1.gravatar.com — Cisco Umbrella Rank: 12204 2.gravatar.com — Cisco Umbrella Rank: 12398	14 KB
1	fbsbx.com platform-lookaside.fbsbx.com — Cisco Umbrella Rank: 4822	7 KB
1	facebook.com 1 redirects graph.facebook.com — Cisco Umbrella Rank: 134	107 B
1	pubmine.com s.pubmine.com — Cisco Umbrella Rank: 16263	212 B
1	photobucket.com img.photobucket.com — Cisco Umbrella Rank: 258170	2 KB
0	tuts4you.com Failed www.tuts4you.com Failed
0	unpack.cn Failed www.unpack.cn Failed
86	10

	Domain	Requested by
38	s0.wp.com	kienmanowar.wordpress.com s0.wp.com
9	kienmanowar.wordpress.com	1 redirects kienmanowar.wordpress.com s0.wp.com
6	fonts.wp.com	fonts-api.wp.com
6	polldaddy.com	kienmanowar.wordpress.com polldaddy.com
4	pixel.wp.com	kienmanowar.wordpress.com
2	1.gravatar.com	kienmanowar.wordpress.com
2	0.gravatar.com	kienmanowar.wordpress.com 0.gravatar.com
2	widgets.wp.com	kienmanowar.wordpress.com
1	public-api.wordpress.com	kienmanowar.wordpress.com
1	fonts-api.wp.com	s0.wp.com
1	thisweekin4n6.files.wordpress.com	kienmanowar.wordpress.com
1	2.gravatar.com	kienmanowar.wordpress.com
1	platform-lookaside.fbsbx.com	kienmanowar.wordpress.com
1	graph.facebook.com	1 redirects
1	s.pubmine.com	kienmanowar.wordpress.com
1	stats.wp.com	kienmanowar.wordpress.com
1	img.photobucket.com	kienmanowar.wordpress.com
1	s-ssl.wordpress.com	kienmanowar.wordpress.com
0	www.tuts4you.com Failed	kienmanowar.wordpress.com
0	www.unpack.cn Failed	kienmanowar.wordpress.com
86	20

This site contains links to these domains. Also see Links.

Domain
reaonline.net
thisweekin4n6.com
s1.wp.com
accessroot.com
rootbiez.blogspot.com
www.reversing.be
www.crackmes.de
forum.exetools.com
ltops9.wordpress.com
l4w.io
bbs.pediy.com
crackertool.tk
www.woodmann.com
www.reteam.org
minhtrietphamtran.wordpress.com
www.tuts4you.com
www.unpack.cn
0xcc.tk
blog.yeuchimse.com
github.com
bazaar.abuse.ch
akismet.com
wordpress.com
wp.me
subscribe.wordpress.com

Subject Issuer	Validity	Valid
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
photobucket.com Amazon RSA 2048 M02	`2023-07-08` - `2024-08-05`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.polldaddy.com Sectigo RSA Domain Validation Secure Server CA	`2023-11-02` - `2024-12-02`	a year	crt.sh
s.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-02` - `2024-10-02`	a year	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Frame ID: A83F06A0F0CB11D22BFA7EE433D6F3F2
Requests: 86 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20240404
Frame ID: 054FEDD03446F1B115884802645F104B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[QuickNote] VidarStealer Analysis | 0day in {REA_TEAM}

Page URL History Show full URLs

https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis HTTP 301
https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Page Statistics

86
Requests

88 %
HTTPS

0 %
IPv6

10
Domains

20
Subdomains

12
IPs

3
Countries

977 kB
Transfer

1954 kB
Size

2
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: http://reaonline.net/

Search URL Search Domain Scan URL

URL: http://thisweekin4n6.com/2024/01/14/week-02-2024/

Search URL Search Domain Scan URL

URL: https://s1.wp.com/i/fonts/recoleta/css/400.min.css

Search URL Search Domain Scan URL

URL: http://accessroot.com/

Search URL Search Domain Scan URL

URL: http://rootbiez.blogspot.com/
Title: Benina Blog

Search URL Search Domain Scan URL

URL: http://www.reversing.be/

Search URL Search Domain Scan URL

URL: http://www.crackmes.de/

Search URL Search Domain Scan URL

URL: http://forum.exetools.com/index.php

Search URL Search Domain Scan URL

URL: http://ltops9.wordpress.com/
Title: Levis's Bl0g

Search URL Search Domain Scan URL

URL: https://l4w.io/
Title: ML(l4w) Blog

Search URL Search Domain Scan URL

URL: http://bbs.pediy.com/

Search URL Search Domain Scan URL

URL: http://crackertool.tk/
Title: Quyle's Bl0g

Search URL Search Domain Scan URL

URL: http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools

Search URL Search Domain Scan URL

URL: http://www.reteam.org/
Title: RE Team

Search URL Search Domain Scan URL

URL: https://minhtrietphamtran.wordpress.com/
Title: TrietPTM's Blog

Search URL Search Domain Scan URL

URL: http://www.tuts4you.com/

Search URL Search Domain Scan URL

URL: http://www.unpack.cn/index.php?styleid=8

Search URL Search Domain Scan URL

URL: http://0xcc.tk/
Title: Vic's Bl0g

Search URL Search Domain Scan URL

URL: http://www.woodmann.com/forum/index.php

Search URL Search Domain Scan URL

URL: https://blog.yeuchimse.com/
Title: Yêu chim sẻ

Search URL Search Domain Scan URL

URL: https://github.com/m4now4r/VidarStealer#sample

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/816c4a2117b90dc75d91056ca32a36ffd32d561aa433ee3f97126ba490e6d60a/
Title: https://bazaar.abuse.ch/sample/816c4a2117b90dc75d91056ca32a36ffd32d561aa433ee3f97126ba490e6d60a/

Search URL Search Domain Scan URL

URL: https://github.com/m4now4r/VidarStealer/tree/main/some%20pseudo-code
Title: https://github.com/m4now4r/VidarStealer/tree/main/some%20pseudo-code

Search URL Search Domain Scan URL

URL: http://thisweekin4n6.com/2022/12/18/week-51-2022/
Title: Week 51 – 2022 – This Week In 4n6

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_website
Title: Create a free website or blog at WordPress.com.

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fkienmanowar.wordpress.com%2F2022%2F12%2F17%2Fquicknote-vidarstealer-analysis%2F&signup_flow=account
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/pjKNz-1FM
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: https://wordpress.com/abuse/?report_url=https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://wordpress.com/read/blogs/4708129/posts/6434
Title: View post in Reader

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis HTTP 301
https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://graph.facebook.com/v6.0/1421319795445563/picture?type=large HTTP 302
https://platform-lookaside.fbsbx.com/platform/profilepic/?asid=1421319795445563&height=200&width=200&ext=1714815358&hash=Afr69p76qOqM0Pb4GLVVCi9Y56rqCA_VdkNoUCV_IH8qCQ

86 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Redirect Chain

https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis
https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

243 KB
52 KB

681ms
680ms

Document
text/html

192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5a13ad07a4ca549fd1f04bc8e8759fd1fabe6d887dee4e4f12624307fc37b23d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: pl-PL,pl;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 09:35:58 GMT
host-header: WordPress.com
link: <https://wp.me/pjKNz-1FM>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 5.ams _dfw MISS
x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
x-pingback: https://kienmanowar.wordpress.com/xmlrpc.php

Redirect headers

alt-svc: h3=":443"; ma=86400
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 09:35:57 GMT
host-header: WordPress.com
location: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
server: nginx
strict-transport-security: max-age=31536000
vary: accept, content-type, cookie
x-ac: 5.ams _dfw MISS
x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
x-pingback: https://kienmanowar.wordpress.com/xmlrpc.php
x-redirect-by: WordPress

GET
H2 200 /
s0.wp.com/_static/ 13 KB
3 KB 163ms
50ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFjFsKwjAQAC9k3Poi+CGeJU2W0HaTDdmkxZ6+VkRBQX8GBoaBKSnLsWAs0BJ7laj6LgpMnJ1xAp64NbS1Ihv422a8zejUuP/qQ33VPZZk7PB0CMwrXCUUyEim3A+JpXzYryV1A77HD1vza7jsdHM6HnSjz/0CFVVXhQ==&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 72b82a9b24bd828fc03d63f91072a037882900d221dc1159e109f68840d9b97a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Tue, 16 Jan 2024 20:31:30 GMT
server: nginx
etag: W/"65a6e7a2-32d7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 15 Jan 2025 21:01:37 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/plugins/gutenberg-core/v18.0.0/build/block-library/ 110 KB
15 KB 164ms
51ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.0.0/build/block-library/style.css?m=1711565231i&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4417b5543eda6c561ebe23f9a4f7521003bdbf58743b5ce4d201848636414fb5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 2
server: nginx
etag: W/113145-1711565247264.7336
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 28 Mar 2025 18:16:09 GMT

GET
H3 200 webfont.js Show response
s0.wp.com/wp-content/plugins/custom-fonts/js/ 12 KB
5 KB 173ms
61ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 1
server: nginx
etag: W/12493-1684465162909.724
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:23:52 GMT

GET
H2 200 /
s0.wp.com/_static/ 15 KB
4 KB 151ms
52ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpoZmFkYGRuZGmQBAHPvL0Y=&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 19 May 2023 02:58:18 GMT
server: nginx
etag: W/"6466e5ca-3ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 14 Mar 2025 19:36:47 GMT

GET
H2 200 /
s0.wp.com/_static/ 144 KB
14 KB 150ms
51ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVjEEOwiAQAD/ksgGN4sH4Fko3hJYCYZea/r49mF6Nx0lmBj8VfMlCWbCmHmJmDP3AgVqAIRU/M04k1fkZkttKFwgtjsiyJVKe+YL/LJqTmAP/yH35ZkZpqzRwXGoiaLSqG46R5TTgHL2Xl75bba/GPB/TDthVT3U=&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 96fac161fd617b6d46287d9c912fc18ea72b3ab9807eafb076e04c81a8082a6f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 19 May 2023 02:59:19 GMT
server: nginx
etag: W/"6466e607-24112"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 16:48:59 GMT

GET
H2 200 /
s0.wp.com/_static/ 369 B
677 B 150ms
51ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 19 May 2023 01:49:07 GMT
server: nginx
etag: "6466d593-171"
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 369
expires: Sat, 09 Nov 2024 15:07:57 GMT

GET
H2 200 verbum-comments.css
s0.wp.com/wp-content/mu-plugins/jetpack-mu-wpcom-plugin/moon/vendor/automattic/jetpack-mu-wpcom/src/build/verbum-comments/ 26 KB
4 KB 149ms
51ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/jetpack-mu-wpcom-plugin/moon/vendor/automattic/jetpack-mu-wpcom/src/build/verbum-comments/verbum-comments.css?m=1709200696i&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cc60c52bbe83d00c65324f12508f785a48c4f0ea0855ae6891143554bb865ee5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 2
server: nginx
etag: W/26603-1709200706420.6235
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 28 Feb 2025 10:21:59 GMT

GET
H2 200 block-editor.css
widgets.wp.com/verbum-block-editor/ 328 KB
38 KB 176ms
59ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/verbum-block-editor/block-editor.css?ver=1705430309
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: ef06ea2f8c619ca5e16fb552f0a7beba09b89dfdb671b2c5f16b4347af8a658c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 2
server: nginx
etag: W/335533-1705430320242.3374
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 15 Jan 2025 18:51:15 GMT

GET
H2 200 /
s0.wp.com/_static/ 22 KB
6 KB 150ms
52ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 37da243283039c86d591d66a559f5c9501314a038b1837caac820cf5155d8930

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 26 May 2023 20:11:51 GMT
server: nginx
etag: W/"64711287-596d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Nov 2024 20:11:18 GMT

GET
H2 200 global-print.css
s0.wp.com/wp-content/mu-plugins/global-print/ 5 KB
2 KB 59ms
57ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035i&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: miss
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 2
server: nginx
etag: W/8044-1684460925815.6394
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:43 GMT

GET
H2 200 /
s0.wp.com/_static/ 31 KB
12 KB 150ms
52ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNjcEKwjAQRH/IuA1aehI/ReImJKmb3eAmFP9eW3oRL16GeTC8gaUaFG6BG5RuKvWYWWEOrTp87AxFZA3fKShocs/gnfevrWaOR1Q9wP+mW2YEFcyODEkU/YIfW0uhfH7TGSLJ3dE6uJaLneww2mkYT/MbUOlJHA==&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 177413798e91791f7a111eb76e9b154bdc8eddc8f15a24487cacf6a46c459352

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 15 Mar 2024 15:37:43 GMT
server: nginx
etag: W/"65f46b47-7b91"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 15 Mar 2025 17:03:02 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 34 KB
10 KB 222ms
124ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVjj0OwjAMhS9EcDqgigFxlCptTOU2saPEKXB7MlQI2Bi/p/cH92QmYUVWWApEGSmgqQWzm5tmiG9yXMoBPnyxmhTqTFxgQU1uWnducWEYiCcYKwUPGYNT9CZJ0fJNx0j8W9wO5KAmZXk8/xzdtWFD9pLBVZXoVGl6uzfyKCljKfu5QCOorMhmzORnbIvXeOl6a23fnc52eQHwqWpF
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3cf80ad7ac835bc0faecb90605c884ffc1cae662198e0d7743d0568f016562c0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Wed, 15 Nov 2023 18:06:41 GMT
server: nginx
etag: W/"655508b1-895c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Thu, 14 Nov 2024 18:33:02 GMT

GET
BLOB 200
OK 2a05d434-a316-42bb-9829-4f26f0e5a0b1
https://kienmanowar.wordpress.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://kienmanowar.wordpress.com/2a05d434-a316-42bb-9829-4f26f0e5a0b1
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 rss.png
s-ssl.wordpress.com/wp-includes/images/ 608 B
869 B 313ms
181ms Image
image/png 192.0.79.33
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-ssl.wordpress.com/wp-includes/images/rss.png?m=1354137473i

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.79.33 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0c6daa646e0a867e5f721b5017c98cfd2c82c26c60b614531ddae8a5d9986be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
strict-transport-security: max-age=31536000
last-modified: Fri, 19 May 2023 02:59:05 GMT
server: nginx
etag: "6466e5f9-260"
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 608
expires: Fri, 04 Apr 2025 09:35:58 GMT

GET arteam_vault_88x31.gif
www.unpack.cn/LoGo/ 0
0

GET
H2 200 biw_logo.png
img.photobucket.com/albums/v501/kienmanowar/ 1 KB
2 KB 162ms
48ms Image
image/webp 18.245.31.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.photobucket.com/albums/v501/kienmanowar/biw_logo.png

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.31.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-31-113.fra56.r.cloudfront.net

Software

photobucket /

Resource Hash

49e1aa4cf134f3f4437bb24d2f93c67984ee1366bd1fb3a2636c1cf8369e569f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 15 Sep 2023 15:29:59 GMT
content-security-policy: script-src 'none'
via: 1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
age: 17431559
x-cache: Hit from cloudfront
content-disposition: inline; filename="biw_logo.webp"
content-length: 1318
x-request-id: U_uU1G06P5B0PudRPMjL_
server: photobucket
x-amzn-trace-id: Root=1-65047876-759f3d9c68b159b07eac16f5
vary: Accept, Origin
content-type: image/webp
cache-control: max-age=31536000, public
x-amz-cf-id: p4cebUY0eiSYIoLXbFDZnKS12E9DcBje2GWJDiuG7l4GW1YmnLZjyw==
expires: Sat, 14 Sep 2024 15:29:59 GMT

GET crackmesde.png
www.tuts4you.com/tuts_plugins/links_page/link_images/ 0
0

GET eXeTools.jpeg
www.tuts4you.com/tuts_plugins/links_page/link_images/ 0
0

GET PEDiy.gif
www.tuts4you.com/tuts_plugins/links_page/link_images/ 0
0

GET wiki_crcetl.png
www.tuts4you.com/tuts_plugins/links_page/link_images/ 0
0

GET snd.gif
www.unpack.cn/LoGo/ 0
0

GET fly.gif
www.unpack.cn/LoGo/ 0
0

GET vbulletin3.png
www.tuts4you.com/tuts_plugins/links_page/link_images/ 0
0

GET
H2 200 comment_decrypted_strings_in_ida.png
kienmanowar.wordpress.com/wp-content/uploads/2022/12/ 14 KB
14 KB 320ms
318ms Image
image/webp 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kienmanowar.wordpress.com/wp-content/uploads/2022/12/comment_decrypted_strings_in_ida.png

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4fefd879dc7f24bbd78e6abe12742892be85ab6c13b6136cafa9d0e82278f947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: MISS ams 19 np
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 5.ams _dfw MISS
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Sat, 17 Dec 2022 07:59:13 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
x-wpcom-blog-id: 4708129
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 14026
expires: Mon, 06 May 2024 17:55:47 GMT

GET
H2 200 comment_api_functions_in_ida.png
kienmanowar.wordpress.com/wp-content/uploads/2022/12/ 15 KB
16 KB 396ms
394ms Image
image/webp 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kienmanowar.wordpress.com/wp-content/uploads/2022/12/comment_api_functions_in_ida.png

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

38c98ab59dca5e47005750e898063e8844f6ea2a6dd9bae7f3a51828083d341c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: MISS ams 18 np
date: Thu, 04 Apr 2024 09:35:59 GMT
x-ac: 5.ams _dfw MISS
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Sat, 17 Dec 2022 08:01:25 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
x-wpcom-blog-id: 4708129
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 15724
expires: Sun, 12 May 2024 20:49:44 GMT

GET
H2 200 hovercards.min.js Show response
0.gravatar.com/js/hovercards/ 13 KB
5 KB 472ms
54ms Script
application/javascript 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=2024144d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Mon, 01 Apr 2024 10:35:09 GMT
server: nginx
etag: W/"660a8ddd-3309"
content-type: application/javascript
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 11 Apr 2024 09:35:59 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 655 B
704 B 54ms
50ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 2
server: nginx
etag: W/1125-1684460931415.6394
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:43 GMT

GET
H2 200 cropped-master-ninjago1.png
kienmanowar.wordpress.com/wp-content/uploads/2017/10/ 5 KB
5 KB 573ms
571ms Image
image/webp 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kienmanowar.wordpress.com/wp-content/uploads/2017/10/cropped-master-ninjago1.png?w=50

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e03fd0f35cb63131cd8eb0865c7b906960751dec03067f4c91c5c868acbe82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 18 np
date: Thu, 04 Apr 2024 09:35:59 GMT
x-ac: 5.ams _dfw MISS
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Wed, 25 Oct 2017 18:12:26 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
x-wpcom-blog-id: 4708129
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 4902
expires: Mon, 08 Apr 2024 12:56:16 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 31 KB
12 KB 184ms
180ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1i+uzCtJrMjITM/IAeKS1CJMEWP94uSizIISoOIM5/yiVL2sYh19yo1yKioFmldQQE3jIhNzc4Dm2efaGpoZmpqYm1kaG2UBABVbXyc=
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 583c9b5c7463502b4217e15a22ea4e193762b4486f6e7a1c95c7d8f63d75f9de

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: MISS ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 19 May 2023 02:58:23 GMT
server: nginx
etag: W/"6466e5cf-7c40"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 04 Apr 2025 09:35:58 GMT

GET
H2 200 /
s0.wp.com/_static/ 32 KB
7 KB 54ms
50ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyljEsKgDAMBS9kDUUquhDPom0Qaz/BNHh9KdgTuBl4w2PgIWVzKpgKRFEU5DgTg8dCm72+DTHnCicBGex2Z2EMwM9JeKtdkgvYW+YOftTaqYkaXOOix8noQU+z8S9MR0BZ&cssminify=yes
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 26 May 2023 20:11:51 GMT
server: nginx
etag: W/"64711287-7e84"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 29 May 2024 16:14:06 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 55 KB
17 KB 54ms
50ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNkN1OBCEMhV9IpjuOxvHC+CiGgaqdoZSlsBvfXqKLP1mjXhEOX885BY7JOIkFYwGuJoX6RFEh0IYK+4oVn230AfOw6gX8DK9YknWbadIxOeHTA7BIhANGLxlsLcK2FHJnOGh2sFQKvsF5qdwymFuGglXFdviXaJmcCWL9eZNew8kSxG0Kl8M4D6NR4hTQZDwMV+BJC6yfUPdiiv/Y7OtCDxR7XWezVMXwwXXhD1u7kTIWMw27d7suPOY32P8y2yNOf/f92ubu+W682c3X0+04zesrayeyYg==
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 1b8e330d4b21565bcccfc6c6dfff98d28e257b3559d670da374172b7324e7d41

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Wed, 21 Feb 2024 18:12:30 GMT
server: nginx
etag: W/"65d63d0e-dd5c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Mon, 17 Mar 2025 02:42:56 GMT

GET
H2 200 rating.js Show response
polldaddy.com/js/rating/ 16 KB
5 KB 607ms
196ms Script
application/javascript 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://polldaddy.com/js/rating/rating.js?ver=13.4-a.0
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: bdb75e08b4b1eedee2847c2eafacc3089842b8735f7c6d4e99aedcb6ba828e55

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
last-modified: Thu, 14 Dec 2023 16:20:32 GMT
server: nginx
etag: W/"657b2b50-3fc5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 May 2024 09:35:59 GMT

GET
H2 200 sharing.min.js Show response
s0.wp.com/wp-content/mu-plugins/jetpack-plugin/moon/_inc/build/sharedaddy/ 9 KB
3 KB 54ms
50ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/moon/_inc/build/sharedaddy/sharing.min.js?m=1685129444i
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 4.ams _dfw BYPASS
last-modified: Fri, 26 May 2023 19:31:02 GMT
server: nginx
etag: W/"647108f6-2259"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 31 May 2024 16:25:31 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 12 KB
5 KB 158ms
50ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?67
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 351471674cbe238abcb9fe72d025724a9c9e82f4f92cd5c2aa5f0d0f8d589bba

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
x-nc: HIT ams
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/12754-1704402356443.5398
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Wed, 15 Jan 2025 22:23:29 GMT

GET
H2 200 bilmur.min.js Show response
kienmanowar.wordpress.com/wp-content/js/ 6 KB
3 KB 180ms
178ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://kienmanowar.wordpress.com/wp-content/js/bilmur.min.js?i=11&m=202414

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:58 GMT
content-encoding: br
x-ac: 5.ams _dfw MISS
strict-transport-security: max-age=31536000
last-modified: Wed, 15 Nov 2023 17:05:24 GMT
server: nginx
etag: W/"6554fa54-161b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Fri, 04 Apr 2025 09:35:58 GMT

GET
H/1.1 200
OK conf Show response
s.pubmine.com/ 0
212 B 395ms
80ms Script
text/javascript 34.249.45.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/conf?pp.pt=1&pp.ht=0&pp.tn=greyzed&pp.amp=false&pp.siteid=8982&pp.blogid=4708129&pp.consent=0&pp.uloggedin=0&pp.flag=2&rid=393530534474&ref=https%3A%2F%2Fkienmanowar.wordpress.com%2F2022%2F12%2F17%2Fquicknote-vidarstealer-analysis%2F&vp=1600x1113&cb=callback__lul1kuyo_1
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.45.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-45-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Apr 2024 09:35:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
Content-Type: text/javascript; charset=utf-8

GET
H3 200 bg.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 131 KB
132 KB 171ms
63ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/bg.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3f42aef7e0ac290e2c024ec72efb55c944bb1fca3a1cde2a1945d28b7a979212

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-20dc7"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 134599
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 con-bg.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 8 KB
8 KB 169ms
62ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/con-bg.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 267931a2c0503b09025fd5e5c1355afd35d62ebe885aea9ff0a7ec2cb3b0f1e4

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:22 GMT
server: nginx
etag: "6466e6fa-1fd2"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8146
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 sidebar-bg.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 56 KB
57 KB 164ms
57ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/sidebar-bg.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: df019626d667c5b41da852630c504b3c10e81bd48a47fb46563a51872d4a504d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-e169"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 57705
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 sidebar-headings.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 2 KB
3 KB 162ms
56ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/sidebar-headings.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: dddb9388ebce7bb7d0ae18484cb0f89279866cc4dfb55d778d50bd045f66df7b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:22 GMT
server: nginx
etag: "6466e6fa-985"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 2437
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 search-bg.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 3 KB
3 KB 223ms
116ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/search-bg.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 76e6850f12607863de0120ebfa33d71bc7236b012c5b097f55022b7999c10c90

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-bbf"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 3007
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 search-arrow.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 768 B
1 KB 169ms
64ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/search-arrow.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9c57d2640b1de112642d5218256feae0fcb2ba2f3b36568628b21d3f1b74d3b0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:08 GMT
server: nginx
etag: "6466e6ec-300"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 768
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 bullet.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 170 B
469 B 216ms
111ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/bullet.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e33804b339aa5f0c13f9d6a6e4487f03e51a93a3c9f8ca7ff7476548aa3c5a87

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:52:08 GMT
server: nginx
etag: "6466d648-aa"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 170
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 content-bg.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 25 KB
25 KB 213ms
112ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/content-bg.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 44198bfeabac58e818f7dceef6574e928065e93c0299b213eed7d3a0da55d368

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:22 GMT
server: nginx
etag: "6466e6fa-63b8"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 25528
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 arrow.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 955 B
1 KB 160ms
59ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/arrow.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 67f00c99e77b3620dd7b70d12f039060cbbbde300e04c1520b99246d80a98763

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:52:08 GMT
server: nginx
etag: "6466d648-3bb"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 955
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 bubble.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 1004 B
1 KB 161ms
60ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/bubble.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 105fd5b2ef4816e621ac9cf9fc9d94f16d9c32c961d8e8bf1beb429901c28059

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:08 GMT
server: nginx
etag: "6466e6ec-3ec"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1004
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 comments.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 2 KB
2 KB 161ms
61ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/comments.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7f149a852ef05ff0c3d4f31fd3322aba3b12730063bcd174d4d16a44798819f5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-8cf"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 2255
expires: Sat, 09 Nov 2024 15:14:14 GMT

GET
H3 200 haveyoursay.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 48 KB
49 KB 213ms
113ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/haveyoursay.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 17baf48bbf8dc98794580a2c36675e02064b411806ee84242bc19b794b0802d8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-c11c"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 49436
expires: Sat, 09 Nov 2024 15:27:41 GMT

GET
H3 200 content-bottom.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 6 KB
6 KB 214ms
114ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/content-bottom.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: afd061535ea856997db8870aafb9ff3830de1da54267995a5e9db43e1220cf11

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:08 GMT
server: nginx
etag: "6466e6ec-17d3"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 6099
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 leftnav.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 708 B
1008 B 215ms
115ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/leftnav.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5f7662254db8f42f427cbafddd7b68e4b4a6e9482820844d3324b2d45f5bb914

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:52:08 GMT
server: nginx
etag: "6466d648-2c4"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 708
expires: Sat, 09 Nov 2024 15:11:18 GMT

GET
H3 200 rightnav.gif
s0.wp.com/wp-content/themes/pub/greyzed/images/ 705 B
1004 B 216ms
115ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/rightnav.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7e88cc6ea9a2d789b09c0918bca72bab3768a545b781a42c024f2e0b2de389c7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 03:03:22 GMT
server: nginx
etag: "6466e6fa-2c1"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 705
expires: Sat, 09 Nov 2024 15:11:18 GMT

GET
H3 200 bottom.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 4 KB
5 KB 217ms
117ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/bottom.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 06a6628771357bc551ced11319df79c52039cfc1c5f5ac6f386635d149005f50

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-1164"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 4452
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
H3 200 footerbar.jpg
s0.wp.com/wp-content/themes/pub/greyzed/images/ 34 KB
34 KB 218ms
118ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/pub/greyzed/images/footerbar.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4de7345fd19120381917571d30e45e3e46e6a192ffd92810fb705b87c3626e40

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://s0.wp.com/_static/??-eJyFjMEOwiAQRH9I3BBTUw/Gb6GwIhVY0l3StF8vTTxw0stkXjLzYC3KUhbMAvLChAylTuAX3HZ0wLJFPFvmE3TDVFWJ1YfMMKMUY99fhkR0hKuxidbgPAqDUFGFuLW/Oo+kIlkjoXl6UM9owvLruuAUybfqoa06PE6PdNfXcdAXPd6G+QPnxFur&cssminify=yes
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:58 GMT
x-ac: 4.ams _dfw MISS
last-modified: Fri, 19 May 2023 01:49:14 GMT
server: nginx
etag: "6466d59a-8851"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 34897
expires: Sat, 09 Nov 2024 15:10:41 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff

Request headers

Referer
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 a96fac9903f2b852834c6b9379e9f510e0824512af2fc00acacdcd324ec3187e
1.gravatar.com/avatar/ 2 KB
2 KB 476ms
55ms Image
image/jpeg 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/a96fac9903f2b852834c6b9379e9f510e0824512af2fc00acacdcd324ec3187e?s=48&d=wavatar
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f6c034399986b26e2ea6720225482ecf9eb5467d380a705b3e74eb43fd2e413d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 3
date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Wed, 03 Sep 2008 07:33:40 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="a96fac9903f2b852834c6b9379e9f510e0824512af2fc00acacdcd324ec3187e.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/a96fac9903f2b852834c6b9379e9f510e0824512af2fc00acacdcd324ec3187e?s=48&d=wavatar>; rel="canonical"
content-length: 1592
alt-svc: h3=":443"; ma=86400
expires: Thu, 04 Apr 2024 09:40:59 GMT

GET
H2

200

/
platform-lookaside.fbsbx.com/platform/profilepic/
Redirect Chain

https://graph.facebook.com/v6.0/1421319795445563/picture?type=large
https://platform-lookaside.fbsbx.com/platform/profilepic/?asid=1421319795445563&height=200&width=200&ext=1714815358&hash=Afr69p76qOqM0Pb4GLVVCi9Y56rqCA_VdkNoUCV_IH8qCQ

6 KB
7 KB

482ms
80ms

Image
image/jpeg

157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-lookaside.fbsbx.com/platform/profilepic/?asid=1421319795445563&height=200&width=200&ext=1714815358&hash=Afr69p76qOqM0Pb4GLVVCi9Y56rqCA_VdkNoUCV_IH8qCQ
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Server: 157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-01-fra5.fbcdn.net
Software: /
Resource Hash: 73590eb28490b9edac3545230a68bd19aca06d8fdfd880a3a4e775566cfdb918

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://kienmanowar.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Wed, 09 Nov 2022 14:41:17 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=541338324
thrift_fmhk: GBBTg9rtOMLLu8DN1pLD7Sr6FfDr4Z0EvFUAAAA=
cache-control: private, no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1514055776
content-disposition: attachment
accept-ranges: bytes
content-length: 6396

Redirect headers

strict-transport-security: max-age=15552000; preload
date: Thu, 04 Apr 2024 09:35:58 GMT
x-fb-rev: 1012536975
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=23, mss=1232, tbw=4287, tp=9, tpl=0, uplat=53, ullat=0
pragma: no-cache
x-fb-debug: iTrwlFg5m1/WPook/vyx1Y22xXTRclk20lWRjASR3l0L102fQlT0PUalTmboGmzZRV/wEreZdy5kpkbSwRdeVw==
x-fb-trace-id: FrPTUiMdzIH
content-type: image/jpeg
location: https://platform-lookaside.fbsbx.com/platform/profilepic/?asid=1421319795445563&height=200&width=200&ext=1714815358&hash=Afr69p76qOqM0Pb4GLVVCi9Y56rqCA_VdkNoUCV_IH8qCQ
access-control-allow-origin: *
x-fb-request-id: AS5oRQfhP3u9_N5cwVMfjkv
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v13.0
priority: u=1,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 5af7dc1b4ca0dd7ff603e98e239c84fc1c27874818e9c47e978d497230047fd9
2.gravatar.com/avatar/ 3 KB
3 KB 465ms
52ms Image
image/png 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2.gravatar.com/avatar/5af7dc1b4ca0dd7ff603e98e239c84fc1c27874818e9c47e978d497230047fd9?s=48&d=wavatar
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9af7f87d63c28a368e7f8f2806cb228deb77d92559424d311866c0cad5acc58

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://gravatar.com/avatar/5af7dc1b4ca0dd7ff603e98e239c84fc1c27874818e9c47e978d497230047fd9?s=48&d=wavatar>; rel="canonical"
content-length: 3085
alt-svc: h3=":443"; ma=86400
expires: Thu, 04 Apr 2024 09:40:59 GMT

GET
H2 200 a24be97a26d30733945c48af7545906c522b6e5284b365e8f03fdb2368a497c4
1.gravatar.com/avatar/ 2 KB
2 KB 55ms
55ms Image
image/png 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/a24be97a26d30733945c48af7545906c522b6e5284b365e8f03fdb2368a497c4?s=48&d=wavatar
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e873d403bd6a9726ca12be531ef5630b7056d9ec826cb1b6ad61d7021d86025f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 3
date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://gravatar.com/avatar/a24be97a26d30733945c48af7545906c522b6e5284b365e8f03fdb2368a497c4?s=48&d=wavatar>; rel="canonical"
content-length: 2142
alt-svc: h3=":443"; ma=86400
expires: Thu, 04 Apr 2024 09:40:59 GMT

GET
H2 200 cropped-image-e1499241240995.png
thisweekin4n6.files.wordpress.com/2017/07/ 888 B
1 KB 193ms
51ms Image
image/webp 192.0.72.22
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thisweekin4n6.files.wordpress.com/2017/07/cropped-image-e1499241240995.png?w=48

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.22 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fc15605abc730779815b42fe9f5ca3cf6c1823c4776274c6b8c9cae3c8157dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 22 np
date: Thu, 04 Apr 2024 09:35:59 GMT
x-content-type-options: nosniff, nosniff
last-modified: Wed, 05 Jul 2017 07:55:08 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://thisweekin4n6.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 888
expires: Sun, 14 Apr 2024 13:16:06 GMT

GET
H2 200 css
fonts-api.wp.com/ 11 KB
1 KB 79ms
70ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cfccca07794644a417ecfded7c2dfe830474c29c03a33a853410b44eedcbc158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS ams 2
last-modified: Thu, 04 Apr 2024 09:35:58 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.wp.com/s/ubuntu/v20/ 34 KB
34 KB 60ms
51ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: nginx
age: 81498
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 34852
x-xss-protection: 0

GET
H2 200 ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf6D30.woff2
fonts.wp.com/s/notoserif/v23/ 42 KB
43 KB 60ms
51ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notoserif/v23/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf6D30.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9d3959df4ebd84904a1622b6d7c9728f487e0c4d372f9bc2f59d0c480702f9c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 00:59:26 GMT
server: nginx
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 43212
x-xss-protection: 0

GET
H2 200 ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3_ctw.woff2
fonts.wp.com/s/notoserif/v23/ 47 KB
48 KB 59ms
51ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3_ctw.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

beeb07fb8c29efbc5a8a805f860a8550e56d5eab9e6883f58db91581be08214b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 00:57:10 GMT
server: nginx
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 48428
x-xss-protection: 0

GET
H3 200 ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf1D33Esw.woff2
fonts.wp.com/s/notoserif/v23/ 16 KB
16 KB 46ms
46ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notoserif/v23/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf1D33Esw.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

378cb5a8591b843764c96539f95b2f3be26ebcbac3a9a7f6b90b7b6d147227f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 01:02:34 GMT
server: nginx
age: 1592
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 16152
x-xss-protection: 0

GET
H3 200 ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf0D33Esw.woff2
fonts.wp.com/s/notoserif/v23/ 150 KB
150 KB 46ms
46ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notoserif/v23/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf0D33Esw.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1830c828631cf134d9b4a2fa585d90de9f5754de137750ad2f2a41192a491b04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 00:51:58 GMT
server: nginx
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 153336
x-xss-protection: 0

GET
H3 200 4iCs6KVjbNBYlgoKcQ72j00.woff2
fonts.wp.com/s/ubuntu/v20/ 46 KB
46 KB 46ms
46ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKcQ72j00.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:r%7CNoto+Serif:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d9086c8c2ed7c9f988d63847cd89e81318c1e4ade2112969af26e5744a3bc7d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts-api.wp.com/
Origin: https://kienmanowar.wordpress.com
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 2
date: Thu, 04 Apr 2024 09:35:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:31:24 GMT
server: nginx
age: 428212
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 46796
x-xss-protection: 0

GET
H3 200 shCore.css
s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 5 KB
1 KB 51ms
50ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 93111ec228b7cde5000f4062ac113d5c56c77b2a7ccc4ab3b6ceaf97fe340e37

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 1
server: nginx
etag: W/6813-1684460918559.6392
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 09 Nov 2024 15:08:57 GMT

GET
H3 200 shThemeDefault.css
s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 2 KB
718 B 55ms
55ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?m=1363304414i&ver=3.0.9b
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8f892de7bd3f42587028e9a8ddd9d01c6923f3947e657710ef40a2407e718de6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: miss
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 1
server: nginx
etag: W/2877-1684460927708.9634
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:55 GMT

GET
H2 200 rate.php Show response
polldaddy.com/ratings/ 1 KB
536 B 200ms
199ms Script
application/javascript 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://polldaddy.com/ratings/rate.php?cmd=get&id=1003814&uid=wp-post-6434&item_id=_post_6434
Requested by: Host: polldaddy.com
URL: https://polldaddy.com/js/rating/rating.js?ver=13.4-a.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: a9a322df45bca179dbc04b9627cdad0cf96f3a9f64994d9ddd546ae160743bba

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: application/javascript
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
server: nginx
alt-svc: h3=":443"; ma=86400
vary: Accept-Encoding
content-language: en

GET
H2 200 rate.php Show response
polldaddy.com/ratings/ 1 KB
535 B 198ms
198ms Script
application/javascript 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://polldaddy.com/ratings/rate.php?cmd=get&id=7046779&uid=wp-comment-6098&item_id=_comm_6098
Requested by: Host: polldaddy.com
URL: https://polldaddy.com/js/rating/rating.js?ver=13.4-a.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 993e29ad422f7afe72c9dbe07c8869d86bbf133b1334dfd8e2c43093fa0fb93b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: application/javascript
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
server: nginx
alt-svc: h3=":443"; ma=86400
vary: Accept-Encoding
content-language: en

GET
H2 200 master.html
widgets.wp.com/likes/ Frame 054F 0
0 163ms
55ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20240404
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash

Request headers

Referer: https://kienmanowar.wordpress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: pl-PL,pl;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html
date: Thu, 04 Apr 2024 09:35:59 GMT
etag: W/"65fd56ed-b00"
last-modified: Fri, 22 Mar 2024 10:01:17 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 4.ams _dfw MISS
x-nc: HIT ams 2

GET
H2 200 g.gif
pixel.wp.com/ 50 B
178 B 63ms
50ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.15409079298683692
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 09:35:59 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
178 B 51ms
50ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=4708129&v=wpcom&tz=7&user_id=0&post=6434&subd=kienmanowar&host=kienmanowar.wordpress.com&ref=&rand=0.9137966356064531
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 09:35:59 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
178 B 52ms
51ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE0%2FbU8yQkx3RTR3RmZTSndoTltKYUtEYz9mTHN3MlJ2cWh3ZmwzZGYubUxraS83bFJ8by9SUXlTXWIrWEkxPVlEcDdMaEYxRSwtRmNMVkJscFkyPzNNMy1sL25JfF1lYWRXK1d%2BLTR8dFl6cmR%2BP1htRjJxJlB3LUE4clhrUEZdbkduQzRuRz0uODBFLCxEdEhzall1b042YVlxX1YmNkVvaVJPaEJOP2tXM1dqan5hUk8sUzlMdl8wZ0JyZmRDRURFWjNXM28mU3hYLG4rZXklUlAwYkMycXwrZEhuTnF0MXhGSH5FfkMyRWRqej9WaCtjPUwxRmRnPXdnSnFLVSY1SWtTX1BsYmRoUWdNb1tWLURTQyUweWNJLixneHwuWy8rRix6R2FudVFBUVJtREJKfk9Bek1H&v=wpcom-no-pv&rand=0.44859072393294497
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 09:35:59 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H3 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ 18 KB
5 KB 50ms
50ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5-RC3-57891
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 1
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
last-modified: Wed, 13 Mar 2024 12:49:00 GMT
server: nginx
etag: W/"65f1a0bc-4926"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 28 Mar 2025 15:24:12 GMT

GET
H3 200 / Show response
kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ 4 KB
2 KB 338ms
338ms XHR
application/json 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/?relatedposts=1

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyVjj0OwjAMhS9EcDqgigFxlCptTOU2saPEKXB7MlQI2Bi/p/cH92QmYUVWWApEGSmgqQWzm5tmiG9yXMoBPnyxmhTqTFxgQU1uWnducWEYiCcYKwUPGYNT9CZJ0fJNx0j8W9wO5KAmZXk8/xzdtWFD9pLBVZXoVGl6uzfyKCljKfu5QCOorMhmzORnbIvXeOl6a23fnc52eQHwqWpF

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f72461d654ddd9d55528c3046edfa8e0a8bbb9447f44b903bc3daabca651a9f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
x-requested-with: XMLHttpRequest
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-ac: 5.ams _dfw MISS
server: nginx
vary: Accept-Encoding, accept, content-type
x-pingback: https://kienmanowar.wordpress.com/xmlrpc.php
content-type: application/json; charset=utf-8
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
public-api.wordpress.com/geo/ 130 B
372 B 291ms
182ms XHR
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/geo/

Requested by

Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

21cf19c6578c5dc7a312d8eb0a98ed16a935e86e59623338f2815e8ada7b0612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Thu, 04 Apr 2024 09:35:59 GMT
content-encoding: br
x-ac: 2.ams _dfw BYPASS
strict-transport-security: max-age=31536000
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 4 KB
1 KB 55ms
54ms Stylesheet
text/css 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=2024144d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Requested by

Host: 0.gravatar.com
URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=2024144d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4845f9cdb0fbf13f3cf2fbb844bd4152071e338703f737c988051b154529d201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Mon, 01 Apr 2024 10:35:09 GMT
server: nginx
etag: W/"660a8ddd-e1d"
content-type: text/css
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 11 Apr 2024 09:35:59 GMT

GET
H2 200 nero-hand-sml.png
polldaddy.com/images/ratings/ 938 B
1 KB 196ms
196ms Image
image/png 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polldaddy.com/images/ratings/nero-hand-sml.png
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: fcd979553c43747d6e8686d91f3616954c01faf7177dd5db4427856063be2956

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Wed, 08 Sep 2021 04:24:13 GMT
server: nginx
etag: "61383aed-3aa"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 938
expires: Sat, 04 May 2024 09:35:59 GMT

GET
H2 200 info.png
polldaddy.com/images/ratings/ 1 KB
1 KB 197ms
196ms Image
image/png 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polldaddy.com/images/ratings/info.png
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 8d1b51a6bcf97a173884161816c19b753e0088a0926148482d8a1f371706c774

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Wed, 08 Sep 2021 04:24:16 GMT
server: nginx
etag: "61383af0-4ca"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1226
expires: Sat, 04 May 2024 09:35:59 GMT

GET
H2 200 star-yellow-sml.png
polldaddy.com/images/ratings/ 3 KB
3 KB 208ms
207ms Image
image/png 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polldaddy.com/images/ratings/star-yellow-sml.png
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 67f5e3a1fe926d54a765050fbdae81d08d4908c38c3a2340322ec7f5086df9e3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 09:35:59 GMT
last-modified: Fri, 12 Mar 2021 05:30:45 GMT
server: nginx
etag: "604afc85-c0d"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 3085
expires: Sat, 04 May 2024 09:35:59 GMT

GET
H3 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 15 KB
4 KB 52ms
51ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20240115
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Thu, 04 Apr 2024 09:36:00 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 1
server: nginx
etag: W/18324-1705283925364.3767
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 14 Jan 2025 01:58:53 GMT

GET
H3 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 8 KB
3 KB 53ms
52ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122
Requested by: Host: kienmanowar.wordpress.com
URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a6dc271cbdaa05e97c5144483628df9e30b68326e5b04a5fef3322af1c0f22e0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: miss
date: Thu, 04 Apr 2024 09:36:00 GMT
content-encoding: br
x-ac: 4.ams _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT ams 1
server: nginx
etag: W/15307-1700657606451.625
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 21 Nov 2024 12:53:34 GMT

GET
H3 200 cropped-master-ninjago1.png
kienmanowar.wordpress.com/wp-content/uploads/2017/10/ 2 KB
2 KB 56ms
56ms Other
image/webp 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://kienmanowar.wordpress.com/wp-content/uploads/2017/10/cropped-master-ninjago1.png?w=32

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f340f29dd04e16957af7d50073bffd308b00559f40c8ee2b87863dfe55afe609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT ams 19 np
date: Thu, 04 Apr 2024 09:36:00 GMT
x-ac: 5.ams _dfw MISS
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Wed, 25 Oct 2017 18:12:26 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
x-wpcom-blog-id: 4708129
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 2248
expires: Sat, 06 Apr 2024 13:58:36 GMT

POST
H3 200 admin-ajax.php
kienmanowar.wordpress.com/wp-admin/ 0
0 258ms
258ms Fetch
text/html 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://kienmanowar.wordpress.com/wp-admin/admin-ajax.php

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Thu, 04 Apr 2024 09:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-ac: 5.ams _dfw BYPASS
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://kienmanowar.wordpress.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 204 boom.gif
pixel.wp.com/ 0
106 B 55ms
55ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.008&largest_contentful_paint=1686&batcache_hit=0&provider=wordpress.com&service=simple&custom_properties=%7B%22logged_in%22%3A%220%22%2C%22wptheme%22%3A%22pub%2Fgreyzed%22%2C%22wptheme_is_block%22%3A%220%22%7D&effective_connection_type=4g&rtt=100&downlink=10000&host_name=kienmanowar.wordpress.com&url_path=%2F2022%2F12%2F17%2Fquicknote-vidarstealer-analysis%2F&nt_redirectStart=0&nt_redirectEnd=387&nt_fetchStart=387&nt_domainLookupStart=387&nt_domainLookupEnd=387&nt_connectStart=387&nt_connectEnd=387&nt_secureConnectionStart=387&nt_requestStart=390&nt_responseStart=1070&nt_responseEnd=1165&nt_domLoading=1074&nt_domInteractive=1974&nt_domContentLoadedEventStart=1976&nt_domContentLoadedEventEnd=1978&nt_domComplete=2956&nt_loadEventStart=2956&nt_loadEventEnd=2984&nt_redirectCount=1&nt_nextHopProtocol=h2&nt_api_level=2&start_render=1416&first_contentful_paint=1416&resource_size=1281750&resource_transferred=535822&resource_cache_percent=0&js_size=151049&js_transferred=51809&js_cache_percent=0&blocking_size=741420&blocking_transferred=108074&blocking_cache_percent=0&last_resource_end=3292
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kienmanowar.wordpress.com/
accept-language: pl-PL,pl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 09:36:02 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.unpack.cn
URL: https://www.unpack.cn/LoGo/arteam_vault_88x31.gif

Domain: www.tuts4you.com
URL: https://www.tuts4you.com/tuts_plugins/links_page/link_images/crackmesde.png

Domain: www.tuts4you.com
URL: https://www.tuts4you.com/tuts_plugins/links_page/link_images/eXeTools.jpeg

Domain: www.tuts4you.com
URL: https://www.tuts4you.com/tuts_plugins/links_page/link_images/PEDiy.gif

Domain: www.tuts4you.com
URL: https://www.tuts4you.com/tuts_plugins/links_page/link_images/wiki_crcetl.png

Domain: www.unpack.cn
URL: https://www.unpack.cn/LoGo/snd.gif

Domain: www.unpack.cn
URL: https://www.unpack.cn/LoGo/fly.gif

Domain: www.tuts4you.com
URL: https://www.tuts4you.com/tuts_plugins/links_page/link_images/vbulletin3.png

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.wordpress.com/	1970-01-20 19:38:29	Name: ccpa_applies Value: false
			.wordpress.com/	1970-01-20 19:38:29	Name: usprivacy Value: 1---

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/arteam_vault_88x31.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://img.photobucket.com/albums/v501/kienmanowar/biw_logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/crackmesde.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/eXeTools.jpeg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/PEDiy.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/wiki_crcetl.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/snd.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/fly.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/ Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/vbulletin3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/arteam_vault_88x31.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://img.photobucket.com/albums/v501/kienmanowar/biw_logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/crackmesde.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/eXeTools.jpeg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/PEDiy.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/wiki_crcetl.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/snd.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.unpack.cn/LoGo/fly.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/(Line 1281) Message: Mixed Content: The page at 'https://kienmanowar.wordpress.com/2022/12/17/quicknote-vidarstealer-analysis/' was loaded over HTTPS, but requested an insecure element 'http://www.tuts4you.com/tuts_plugins/links_page/link_images/vbulletin3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://www.unpack.cn/LoGo/arteam_vault_88x31.gif Message: Failed to load resource: net::ERR_CONNECTION_REFUSED
network	error	URL: https://www.unpack.cn/LoGo/fly.gif Message: Failed to load resource: net::ERR_CONNECTION_REFUSED
network	error	URL: https://www.unpack.cn/LoGo/snd.gif Message: Failed to load resource: net::ERR_CONNECTION_REFUSED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
2.gravatar.com
fonts-api.wp.com
fonts.wp.com
graph.facebook.com
img.photobucket.com
kienmanowar.wordpress.com
pixel.wp.com
platform-lookaside.fbsbx.com
polldaddy.com
public-api.wordpress.com
s-ssl.wordpress.com
s.pubmine.com
s0.wp.com
stats.wp.com
thisweekin4n6.files.wordpress.com
widgets.wp.com
www.tuts4you.com
www.unpack.cn
www.tuts4you.com
www.unpack.cn
157.240.251.9
157.240.253.13
18.245.31.113
192.0.123.248
192.0.72.22
192.0.73.2
192.0.76.3
192.0.77.32
192.0.78.12
192.0.78.23
192.0.79.33
34.249.45.164
06a6628771357bc551ced11319df79c52039cfc1c5f5ac6f386635d149005f50
0c6daa646e0a867e5f721b5017c98cfd2c82c26c60b614531ddae8a5d9986be8
105fd5b2ef4816e621ac9cf9fc9d94f16d9c32c961d8e8bf1beb429901c28059
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730
177413798e91791f7a111eb76e9b154bdc8eddc8f15a24487cacf6a46c459352
17baf48bbf8dc98794580a2c36675e02064b411806ee84242bc19b794b0802d8
1830c828631cf134d9b4a2fa585d90de9f5754de137750ad2f2a41192a491b04
1b8e330d4b21565bcccfc6c6dfff98d28e257b3559d670da374172b7324e7d41
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252
21cf19c6578c5dc7a312d8eb0a98ed16a935e86e59623338f2815e8ada7b0612
25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000
267931a2c0503b09025fd5e5c1355afd35d62ebe885aea9ff0a7ec2cb3b0f1e4
2e03fd0f35cb63131cd8eb0865c7b906960751dec03067f4c91c5c868acbe82f
351471674cbe238abcb9fe72d025724a9c9e82f4f92cd5c2aa5f0d0f8d589bba
378cb5a8591b843764c96539f95b2f3be26ebcbac3a9a7f6b90b7b6d147227f9
37da243283039c86d591d66a559f5c9501314a038b1837caac820cf5155d8930
38c98ab59dca5e47005750e898063e8844f6ea2a6dd9bae7f3a51828083d341c
3cf80ad7ac835bc0faecb90605c884ffc1cae662198e0d7743d0568f016562c0
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8
3f42aef7e0ac290e2c024ec72efb55c944bb1fca3a1cde2a1945d28b7a979212
4417b5543eda6c561ebe23f9a4f7521003bdbf58743b5ce4d201848636414fb5
44198bfeabac58e818f7dceef6574e928065e93c0299b213eed7d3a0da55d368
4845f9cdb0fbf13f3cf2fbb844bd4152071e338703f737c988051b154529d201
49e1aa4cf134f3f4437bb24d2f93c67984ee1366bd1fb3a2636c1cf8369e569f
4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406
4de7345fd19120381917571d30e45e3e46e6a192ffd92810fb705b87c3626e40
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4fefd879dc7f24bbd78e6abe12742892be85ab6c13b6136cafa9d0e82278f947
583c9b5c7463502b4217e15a22ea4e193762b4486f6e7a1c95c7d8f63d75f9de
5a13ad07a4ca549fd1f04bc8e8759fd1fabe6d887dee4e4f12624307fc37b23d
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5f7662254db8f42f427cbafddd7b68e4b4a6e9482820844d3324b2d45f5bb914
67f00c99e77b3620dd7b70d12f039060cbbbde300e04c1520b99246d80a98763
67f5e3a1fe926d54a765050fbdae81d08d4908c38c3a2340322ec7f5086df9e3
72b82a9b24bd828fc03d63f91072a037882900d221dc1159e109f68840d9b97a
73590eb28490b9edac3545230a68bd19aca06d8fdfd880a3a4e775566cfdb918
738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30
76e6850f12607863de0120ebfa33d71bc7236b012c5b097f55022b7999c10c90
7e88cc6ea9a2d789b09c0918bca72bab3768a545b781a42c024f2e0b2de389c7
7f149a852ef05ff0c3d4f31fd3322aba3b12730063bcd174d4d16a44798819f5
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
8d1b51a6bcf97a173884161816c19b753e0088a0926148482d8a1f371706c774
8f892de7bd3f42587028e9a8ddd9d01c6923f3947e657710ef40a2407e718de6
93111ec228b7cde5000f4062ac113d5c56c77b2a7ccc4ab3b6ceaf97fe340e37
96fac161fd617b6d46287d9c912fc18ea72b3ab9807eafb076e04c81a8082a6f
98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff
993e29ad422f7afe72c9dbe07c8869d86bbf133b1334dfd8e2c43093fa0fb93b
9c57d2640b1de112642d5218256feae0fcb2ba2f3b36568628b21d3f1b74d3b0
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
9d3959df4ebd84904a1622b6d7c9728f487e0c4d372f9bc2f59d0c480702f9c5
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
a6dc271cbdaa05e97c5144483628df9e30b68326e5b04a5fef3322af1c0f22e0
a9a322df45bca179dbc04b9627cdad0cf96f3a9f64994d9ddd546ae160743bba
afd061535ea856997db8870aafb9ff3830de1da54267995a5e9db43e1220cf11
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
bdb75e08b4b1eedee2847c2eafacc3089842b8735f7c6d4e99aedcb6ba828e55
beeb07fb8c29efbc5a8a805f860a8550e56d5eab9e6883f58db91581be08214b
c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9
cc60c52bbe83d00c65324f12508f785a48c4f0ea0855ae6891143554bb865ee5
cfccca07794644a417ecfded7c2dfe830474c29c03a33a853410b44eedcbc158
d9086c8c2ed7c9f988d63847cd89e81318c1e4ade2112969af26e5744a3bc7d7
dddb9388ebce7bb7d0ae18484cb0f89279866cc4dfb55d778d50bd045f66df7b
df019626d667c5b41da852630c504b3c10e81bd48a47fb46563a51872d4a504d
e33804b339aa5f0c13f9d6a6e4487f03e51a93a3c9f8ca7ff7476548aa3c5a87
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e873d403bd6a9726ca12be531ef5630b7056d9ec826cb1b6ad61d7021d86025f
e9af7f87d63c28a368e7f8f2806cb228deb77d92559424d311866c0cad5acc58
ef06ea2f8c619ca5e16fb552f0a7beba09b89dfdb671b2c5f16b4347af8a658c
f340f29dd04e16957af7d50073bffd308b00559f40c8ee2b87863dfe55afe609
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6c034399986b26e2ea6720225482ecf9eb5467d380a705b3e74eb43fd2e413d
f72461d654ddd9d55528c3046edfa8e0a8bbb9447f44b903bc3daabca651a9f4
fc15605abc730779815b42fe9f5ca3cf6c1823c4776274c6b8c9cae3c8157dfc
fcd979553c43747d6e8686d91f3616954c01faf7177dd5db4427856063be2956

kienmanowar.wordpress.com Open in urlscan Pro 192.0.78.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

86 Requests

88 %HTTPS

0 %IPv6

10 Domains

20 Subdomains

12 IPs

3 Countries

977 kBTransfer

1954 kBSize

2 Cookies

32 Outgoing links

Page URL History

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

kienmanowar.wordpress.com Open in urlscan Pro
192.0.78.12 Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

88 %
HTTPS

0 %
IPv6

10
Domains

20
Subdomains

12
IPs

3
Countries

977 kB
Transfer

1954 kB
Size

2
Cookies

86 HTTP transactions
1 data transactions