darkwebinformer.com Open in urlscan Pro
2a04:4e42:200::775 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/0ZyuywApqa
Effective URL:
https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Submission: On November 20 via api (November 20th 2024, 11:26:14 am UTC) from IN — Scanned from CA

Summary HTTP 39 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 12 domains to perform 39 HTTP transactions. The main IP is 2a04:4e42:200::775, located in United States and belongs to FASTLY, US. The main domain is darkwebinformer.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 4th 2024. Valid for: 3 months.

This is the only time darkwebinformer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a04:4e42:200... 2a04:4e42:200::775	54113 (FASTLY) (FASTLY)
3	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	18.160.41.31 18.160.41.31	16509 (AMAZON-02) (AMAZON-02)
2	37.19.207.34 37.19.207.34	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	64.233.180.157 64.233.180.157	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c07::61	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c21::8b	15169 (GOOGLE) (GOOGLE)
2	172.253.115.156 172.253.115.156	15169 (GOOGLE) (GOOGLE)
6	2a04:4e42:600... 2a04:4e42:600::775	54113 (FASTLY) (FASTLY)
1	142.251.163.154 142.251.163.154	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::84	15169 (GOOGLE) (GOOGLE)
1	172.253.115.147 172.253.115.147	15169 (GOOGLE) (GOOGLE)
1	18.160.41.30 18.160.41.30	() ()
39	15

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a04:4e42:200::775 (United States)

ASN54113 (FASTLY, US)

darkwebinformer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-31.iad55.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.19.207.34 (Ashburn, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 37-19-207-34.bunnyinfra.net

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.180.157 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f157.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c07::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c21::8b (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.115.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42:600::775 (United States)

ASN54113 (FASTLY, US)

dark-web-informer.ghost.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f154.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::84 (Washington, United States)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.115.147 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.30 (None, )

ASN- ()

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	darkwebinformer.com darkwebinformer.com	1 MB
6	ghost.io dark-web-informer.ghost.io	6 KB
3	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	19 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	451 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	196 KB
2	plausible.io plausible.io — Cisco Umbrella Rank: 9011	2 KB
2	stripe.com js.stripe.com — Cisco Umbrella Rank: 1073	180 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	108 KB
1	t.co t.co — Cisco Umbrella Rank: 904	947 B
39	12

	Domain	Requested by
14	darkwebinformer.com	t.co darkwebinformer.com cdn.jsdelivr.net
6	dark-web-informer.ghost.io	cdn.jsdelivr.net
3	cdn.jsdelivr.net	darkwebinformer.com
2	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	pagead2.googlesyndication.com	darkwebinformer.com pagead2.googlesyndication.com
2	plausible.io	darkwebinformer.com plausible.io
2	js.stripe.com	darkwebinformer.com js.stripe.com
1	www.google.com	ep2.adtrafficquality.google
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	darkwebinformer.com
1	t.co
39	13

This site contains links to these domains. Also see Links.

Domain
whiteintel.io
twitter.com
www.facebook.com
pinterest.com
www.linkedin.com
github.com
zimbra.github.io
cyberveille.esante.gouv.fr
blog.projectdiscovery.io
infosec.exchange
youtube.com
www.darkwebinformer.com
x.com
medium.com
t.me

Subject Issuer	Validity	Valid
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
darkwebinformer.com ZeroSSL RSA Domain Secure Site CA	`2024-11-04` - `2025-02-02`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-10-30` - `2025-02-06`	3 months	crt.sh
plausible.io R11	`2024-10-16` - `2025-01-14`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
ghost.io R11	`2024-10-28` - `2025-01-26`	3 months	crt.sh
adtrafficquality.google WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Frame ID: C294DA8CAECF6DFAA8E26B26D7C85F82
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241118/r20190131/zrt_lookup_fy2021.html
Frame ID: 8DBEE111C152D48598021F5E69335871
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6302231777718437&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1732101969&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x945_l%7C404x945_r&format=0x0&url=https%3A%2F%2Fdarkwebinformer.com%2Fpoc-cve-2024-45519-zimbra-postjournal-exploit%2F&pra=5&wgl=1&aihb=0&aiof=4&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1732101968501&bpp=4&bdt=527&idt=465&shv=r20241118&mjsv=m202411140101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=7096222080761&frm=20&pv=2&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95344188%2C95337196%2C95345966&oid=2&pvsid=1758341077109056&tmod=89693555&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Ft.co%2F&fc=1920&brdim=840%2C840%2C840%2C840%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=509
Frame ID: 2096B346F1E67EACE26F8829E23FFBC9
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: DF4BA81ACBC2885F7F23861B88A900DB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CA6E7CF898450AE5F0A37E934C627BB7
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 184798CA14C5CFEBB2FB2E7B14D2FDC5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PoC CVE-2024-45519 - Zimbra Postjournal Exploit

Page URL History Show full URLs

https://t.co/0ZyuywApqa Page URL
https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

39
Requests

97 %
HTTPS

43 %
IPv6

12
Domains

13
Subdomains

15
IPs

2
Countries

2422 kB
Transfer

6035 kB
Size

6
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://whiteintel.io/?utm_source=darkwebinformer.com&utm_medium=referral&utm_campaign=whiteintel

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=PoC%20CVE-2024-45519%20-%20Zimbra%20Postjournal%20Exploit&url=https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Title: 𝕏

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/&media=https://darkwebinformer.com/content/images/2024/10/9932982.png&description=PoC%20CVE-2024-45519%20-%20Zimbra%20Postjournal%20Exploit
Title: Share on Pinterest

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/&title=PoC%20CVE-2024-45519%20-%20Zimbra%20Postjournal%20Exploit
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519
Title: https://github.com/Chocapikk/CVE-2024-45519

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#cve-2024-45519---zimbra-postjournal-exploit-setup-%EF%B8%8F

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#description-%EF%B8%8F

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#affected-versions-

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#lab-setup-%EF%B8%8F

Search URL Search Domain Scan URL

URL: https://zimbra.github.io/installguides/latest/single.html#Installing_Zimbra_Collaboration_Software
Title: Zimbra Installation Guide

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#exploit-usage-

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#steps

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#references-

Search URL Search Domain Scan URL

URL: https://cyberveille.esante.gouv.fr/alertes/zimbra-cve-2024-45519-2024-10-02
Title: Zimbra CVE-2024-45519 - Cyberveille eSante

Search URL Search Domain Scan URL

URL: https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Title: Zimbra Remote Code Execution Blog - ProjectDiscovery

Search URL Search Domain Scan URL

URL: https://github.com/Chocapikk/CVE-2024-45519#disclaimer-%EF%B8%8F

Search URL Search Domain Scan URL

URL: https://twitter.com/DarkWebInformer
Title: 𝕏

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@DarkWebInformer
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://youtube.com/@DarkWebInformer
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/darkwebinformer/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.darkwebinformer.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.darkwebinformer.com/terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.darkwebinformer.com/transparency/
Title: Transparency Report

Search URL Search Domain Scan URL

URL: https://x.com/DarkWebInformer
Title: Twitter

Search URL Search Domain Scan URL

URL: https://medium.com/@DarkWebInformer
Title: Medium

Search URL Search Domain Scan URL

URL: https://t.me/TheDarkWebInformer
Title: Telegram

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/0ZyuywApqa Page URL
https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 0ZyuywApqa
t.co/ 378 B
947 B 185ms
88ms Document
text/html 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/0ZyuywApqa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
cf-cache-status: DYNAMIC
cf-ray: 8e58154a38d7369c-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 20 Nov 2024 11:26:06 GMT
expires: Wed, 20 Nov 2024 11:31:06 GMT
perf: 7402827104
server: cloudflare tsa_b
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 436ef86414045062c3952c19cf0a4ea2f7d70f13541d895c0e90bbf7638d2b26
x-response-time: 19
x-transaction-id: f43bd8b41bdb2278
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/ 127 KB
24 KB 455ms
101ms Document
text/html 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Requested by: Host: t.co
URL: https://t.co/0ZyuywApqa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: b1c21972dd6cc69dcad428bbe0a7111d163bc2f8102fc74505f0ad5ed377eb08

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 48
alt-svc: clear
cache-control: public, max-age=0
content-encoding: gzip
content-length: 23971
content-type: text/html; charset=utf-8
date: Wed, 20 Nov 2024 11:26:07 GMT
etag: W/"1fbd6-z5n+VWJN2T8fXv5ni/nyWI2vfNI"
ghost-fastly: true
server: openresty
status: 200 OK
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 4, 0
x-request-id: 12293349-7e2d-4a12-8b6c-030cdf83514f
x-served-by: cache-ams21051-AMS, cache-ams21051-AMS, cache-yul1970063-YUL
x-timer: S1732101968.874426,VS0,VE82

GET
H2 200 9932982.png
darkwebinformer.com/content/images/size/w1304/format/webp/2024/10/ 112 KB
112 KB 104ms
99ms Image
image/webp 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://darkwebinformer.com/content/images/size/w1304/format/webp/2024/10/9932982.png
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: bea8b0f38811ab16c5abcd35077aa8469341bc907f77fc072377b67775505772

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 4f099ef6-93c5-43f2-a32f-8a2a195439bf
etag: W/"1c07a-1925d78125d"
age: 13624
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: image/webp
last-modified: Sat, 05 Oct 2024 16:16:43 GMT
x-cache-hits: 0, 8, 0
x-served-by: cache-ams21026-AMS, cache-ams21026-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.990855,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 114810
server: openresty

GET
H2 200 portal.min.js Show response
cdn.jsdelivr.net/ghost/portal@~2.46/umd/ 2 MB
324 KB 238ms
14ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0729bfe52c76c10d20099e6ceff036ec74740b810136b6876c4737fb43ea58ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"19946f-EDa0PSj7m9sEd0Cm4DN+0vzjLjQ"
age: 39237
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220035-FRA, cache-yul1970036-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 331194
x-jsd-version: 2.46.1

GET
H2 200 / Show response
js.stripe.com/v3/ 690 KB
180 KB 359ms
40ms Script
text/javascript 18.160.41.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-31.iad55.r.cloudfront.net

Software

Cloudfront /

Resource Hash

00e54978e8b1cdbcaf05e1fc4dbef55f835f06127f497ff97434d9629a0035a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-encoding: br
etag: W/"548779efa78bd85503acaeeb4778b6a8"
age: 27
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Wn5-VfyEVaKe69RWf4PusZr77-DZfS3qLv3TW-FOFDX88V-p6SuwsQ==
date: Wed, 20 Nov 2024 11:25:41 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 19 Nov 2024 21:40:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: max-age=60
timing-allow-origin: *
via: 1.1 aef197034a978e986954f2826c90b090.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: IAD55-P1
server: Cloudfront

GET
H2 200 sodo-search.min.js Show response
cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/ 263 KB
83 KB 164ms
11ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/sodo-search.min.js

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5457a83229acb39e1625c8e08964a52c5fbd5e604182ca19416cabc2ebb41169

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"41bb3-TlcqTJJfU4QXEfOqOvmN0FRqtPI"
age: 9177
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230094-FRA, cache-yul1970036-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 84199
x-jsd-version: 1.5.1

GET
H2 200 announcement-bar.min.js Show response
cdn.jsdelivr.net/ghost/announcement-bar@~1.1/umd/ 133 KB
45 KB 239ms
87ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/announcement-bar@~1.1/umd/announcement-bar.min.js

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9bbb29383e6b6b083e0d43954969879f85ccb598ba9d3e5e8f401ea0f5a311c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"21503-KWHfMOfsFaxOHrsJKAryB4KsSAE"
age: 24384
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230124-FRA, cache-yul1970036-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45805
x-jsd-version: 1.1.8

GET
H2 200 cards.min.js Show response
darkwebinformer.com/public/ 6 KB
2 KB 102ms
98ms Script
application/javascript 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/public/cards.min.js?v=a44b8dbef6
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 0d06a9f1-3a7d-40ae-ac03-330d2f56fa7a
content-encoding: gzip
etag: W/"143954965104cf254bf1a498449c6855"
age: 14570
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript
x-served-by: cache-ams2100142-AMS, cache-ams2100142-AMS, cache-yul1970063-YUL
x-cache-hits: 0, 67, 0
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1732101968.064261,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1490
server: openresty

GET
H2 200 cards.min.css
darkwebinformer.com/public/ 36 KB
6 KB 102ms
99ms Stylesheet
text/css 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/public/cards.min.css?v=a44b8dbef6
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 895504da7dfe0d1c1d9e43e0d5c3cd07a8b87d8527c73f53e3851a565f55fa3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 0981e3cf-e62a-4ada-9d24-f9a0d6fb7cb5
content-encoding: gzip
etag: W/"906950d25851d4225db427f403965d37"
age: 14570
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: text/css
x-served-by: cache-ams2100098-AMS, cache-ams2100098-AMS, cache-yul1970063-YUL
x-cache-hits: 0, 68, 0
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1732101968.990492,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 5965
server: openresty

GET
H2 200 member-attribution.min.js Show response
darkwebinformer.com/public/ 2 KB
971 B 103ms
99ms Script
application/javascript 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/public/member-attribution.min.js?v=a44b8dbef6
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: dbfe9b021eb47cc7899ef34e5d48983563b0fff331e9740bacdc614e21ffd1f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: d233e30a-8ad9-4fd6-ae48-8afcf76b6466
content-encoding: gzip
etag: W/"d3835a893b20615fbdbecc7c556ae8dc"
age: 14570
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript
x-served-by: cache-ams2100105-AMS, cache-ams2100105-AMS, cache-yul1970063-YUL
x-cache-hits: 0, 66, 0
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1732101968.064405,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 780
server: openresty

GET
H2 200 script.tagged-events.js Show response
plausible.io/js/ 3 KB
2 KB 242ms
83ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/script.tagged-events.js

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

37-19-207-34.bunnyinfra.net

Software

BunnyCDN-ASB1-925 /

Resource Hash

408eae2e77f4c4fd2c59f449c7b5e49f2e65a3a40b905defe8f18b3dbf51f621

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

cdn-status: 200
content-encoding: br
x-content-type-options: nosniff
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cachedat: 11/20/2024 10:09:02
cdn-cache: HIT
cdn-requestpullcode: 200
cache-control: public, must-revalidate, max-age=86400
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestid: 387adff75b7062eebb196a5245f4b5ae
cross-origin-resource-policy: cross-origin
cdn-pullzone: 682664
cdn-proxyver: 1.06
application: 127.0.0.1
permissions-policy: interest-cohort=()
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: CA

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
52 KB 240ms
98ms Script
text/javascript 64.233.180.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6302231777718437

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f157.1e100.net

Software

cafe /

Resource Hash

2f329a63cd59b8f191968c9e0f96e385e53319be7503b20a5e69a44db26e4967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-encoding: br
etag: 6367197567189216964
x-content-type-options: nosniff
expires: Wed, 20 Nov 2024 11:26:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53384
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 323 KB
108 KB 241ms
82ms Script
application/javascript 2607:f8b0:4004:c07::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-M7VMJ5P1QP

Requested by

Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b756e4d9d3d7231e55bd90e6a184bdcff9dad038863a2a165c0745f39d01ac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 20 Nov 2024 11:26:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109661
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 Dark-Web-4.png
darkwebinformer.com/content/images/2024/07/ 8 KB
9 KB 101ms
98ms Image
image/png 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://darkwebinformer.com/content/images/2024/07/Dark-Web-4.png
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 43f9b4267de5395bd877b4577a724988018011f9366d18f659c5fe3063a981bc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: e64fe91c-f266-4b65-9ed4-4022a2bf311a
etag: W/"21fa-1909339ed75"
age: 14521
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: image/png
last-modified: Mon, 08 Jul 2024 16:42:45 GMT
x-cache-hits: 0, 61, 0
x-served-by: cache-ams2100118-AMS, cache-ams2100118-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.990820,VS0,VE81
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8698
server: openresty

GET
H2 200 app.min.js Show response
darkwebinformer.com/assets/js/ 180 KB
60 KB 102ms
99ms Script
application/javascript 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/assets/js/app.min.js?v=a44b8dbef6
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: f41771c2c8bab4e0ec25a5e0fa9b3aa0852dee29abb167cfe1517cf9655ccb9f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: c21bcd1a-ce0c-4b62-8001-535b73dbedf4
content-encoding: gzip
etag: W/"2ceb4-192cbbc7309"
age: 14570
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-cache-hits: 0, 67, 0
last-modified: Sun, 27 Oct 2024 02:09:38 GMT
x-served-by: cache-ams2100129-AMS, cache-ams2100129-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.992088,VS0,VE81
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 61011
server: openresty

GET
H2 200 InterVariable.woff2
darkwebinformer.com/assets/fonts/Inter/ 337 KB
338 KB 143ms
101ms Font
font/woff2 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/assets/fonts/Inter/InterVariable.woff2
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 43f93950-5c26-464b-8060-86fba364e106
etag: W/"545f4-192cbbc764b"
age: 14522
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: font/woff2
last-modified: Sun, 27 Oct 2024 02:09:38 GMT
x-cache-hits: 0, 61, 0
x-served-by: cache-ams2100105-AMS, cache-ams2100105-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.304575,VS0,VE83
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 345588
server: openresty

GET
H2 200 SourceSerif4-VariableFont_opsz,wght.ttf
darkwebinformer.com/assets/fonts/source-serif-4/ 1 MB
538 KB 161ms
119ms Font
font/ttf 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/assets/fonts/source-serif-4/SourceSerif4-VariableFont_opsz,wght.ttf
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 16cadc05a06830fc591a68565d9aaf3cd7e10657743a05f74f290cbc278de727

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://darkwebinformer.com
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 3445a9e2-ece3-4211-9018-5d74e355cce7
content-encoding: gzip
etag: W/"1242b0-192cbbc7655"
age: 14522
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: font/ttf
vary: Accept-Encoding
x-cache-hits: 0, 62, 0
last-modified: Sun, 27 Oct 2024 02:09:38 GMT
x-served-by: cache-ams2100101-AMS, cache-ams2100101-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.304564,VS0,VE84
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 549984
server: openresty

GET
H2 200 9932982-2.png
darkwebinformer.com/content/images/size/w1000/2024/10/ 178 KB
178 KB 130ms
99ms Image
image/png 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://darkwebinformer.com/content/images/size/w1000/2024/10/9932982-2.png
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 840317d0cacf3289baf625b70dac95ddff34c9aad42fef66a28456cea9f8b422

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 70ad54d9-5238-4e3e-a841-2122bd3fb90e
etag: W/"2c832-1925d78453f"
age: 48
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: image/png
last-modified: Sat, 05 Oct 2024 16:16:56 GMT
x-cache-hits: 0, 2, 0
x-served-by: cache-ams21072-AMS, cache-ams21072-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101968.304658,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 182322
server: openresty

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/ 434 KB
144 KB 78ms
75ms Script
text/javascript 64.233.180.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6302231777718437

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f157.1e100.net

Software

cafe /

Resource Hash

cfc250d26f35da469a53aaac5d6cc0dc36cce981c0228f6d93b101bdffbbea17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-encoding: br
etag: 3789476990834027916
x-content-type-options: nosniff
expires: Wed, 20 Nov 2024 11:26:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147630
x-xss-protection: 0
server: cafe

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 167ms
39ms Fetch
text/plain 2607:f8b0:4004:c21::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-M7VMJ5P1QP&gtm=45je4bj0v9192326294za200&_p=1732101968085&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1615380691.1732101969&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732101968&sct=1&seg=0&dl=https%3A%2F%2Fdarkwebinformer.com%2Fpoc-cve-2024-45519-zimbra-postjournal-exploit%2F&dr=https%3A%2F%2Ft.co%2F&dt=PoC%20CVE-2024-45519%20-%20Zimbra%20Postjournal%20Exploit&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1204
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M7VMJ5P1QP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c21::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://darkwebinformer.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: text/plain
server: Golfe2

GET
H2 204 /
darkwebinformer.com/members/api/member/ 0
0 104ms
103ms Fetch 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/members/api/member/
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 909b1a32-5f00-4cad-b3c4-d617c3361239
age: 14522
ghost-fastly: true
status: 204 No Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
x-served-by: cache-ams21067-AMS, cache-ams21067-AMS, cache-yul1970063-YUL
x-cache-hits: 0, 68, 0
vary: Cookie
cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
x-timer: S1732101969.773889,VS0,VE86
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
server: openresty

POST
H2 202 event Show response
plausible.io/api/ 2 B
510 B 191ms
131ms XHR
text/plain 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/script.tagged-events.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: GAmpkEyt4tTdleEDeGeK
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: text/plain; charset=utf-8
cdn-cachedat: 11/20/2024 11:26:08
cdn-requestpullcode: 202
cache-control: must-revalidate, max-age=0, private
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestid: 43f7c930cac0df4ffdd97b99260243c0
access-control-allow-credentials: true
cdn-pullzone: 682664
cdn-proxyver: 1.06
application: 127.0.0.1
permissions-policy: interest-cohort=()
x-plausible-dropped: 1
access-control-allow-origin: *
content-length: 2
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: CA

GET
H2 200 whiteintelio.jpg
darkwebinformer.com/content/images/2024/08/ 21 KB
21 KB 100ms
99ms Image
image/jpeg 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://darkwebinformer.com/content/images/2024/08/whiteintelio.jpg
Requested by: Host: darkwebinformer.com
URL: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 3b5264d99db72e6e95479a41be7209f203eb24a7a4737206e5270d8df5c56298

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: 594a5a07-1188-4752-a789-cdfdaffd232a
etag: W/"5451-1912979a8c4"
age: 14522
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:08 GMT
content-type: image/jpeg
last-modified: Tue, 06 Aug 2024 20:55:24 GMT
x-cache-hits: 0, 60, 0
x-served-by: cache-ams2100116-AMS, cache-ams21020-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101969.815333,VS0,VE81
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21585
server: openresty

GET
H2 200 / Show response
darkwebinformer.com/members/api/announcement/ 348 B
493 B 108ms
100ms Fetch
application/json 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/members/api/announcement/
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/announcement-bar@~1.1/umd/announcement-bar.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 7cfbbfc95237772560764b0bf0279185321400d89594d2d812f1aa20588fda44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: e1096a59-6c7d-4b95-a9ad-1e8ac52af17b
content-encoding: gzip
etag: W/"15c-hRqQxYvRZqrUJaI959HDEbDgjWA"
age: 14522
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-ams2100085-AMS, cache-ams2100085-AMS, cache-yul1970063-YUL
x-cache-hits: 0, 74, 0
vary: Cookie, Accept-Encoding
cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
x-timer: S1732101969.967507,VS0,VE81
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 234
server: openresty

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241118/r20190131/ Frame 8DBE 0
0 121ms
32ms Document
text/html 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241118/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 60258
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Nov 2024 18:41:51 GMT
etag: 17661348622971093804
expires: Tue, 03 Dec 2024 18:41:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 403 ads
googleads.g.doubleclick.net/pagead/ Frame 2096 0
0 93ms
59ms Document
text/html 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6302231777718437&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1732101969&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x945_l%7C404x945_r&format=0x0&url=https%3A%2F%2Fdarkwebinformer.com%2Fpoc-cve-2024-45519-zimbra-postjournal-exploit%2F&pra=5&wgl=1&aihb=0&aiof=4&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1732101968501&bpp=4&bdt=527&idt=465&shv=r20241118&mjsv=m202411140101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=7096222080761&frm=20&pv=2&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95344188%2C95337196%2C95345966&oid=2&pvsid=1758341077109056&tmod=89693555&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Ft.co%2F&fc=1920&brdim=840%2C840%2C840%2C840%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=509

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Nov 2024 11:26:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
dark-web-informer.ghost.io/ghost/api/content/settings/ 13 KB
5 KB 103ms
102ms Fetch
application/json 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/settings/?key=0820bc7140f1158c924ef135e9&limit=all
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 4b831ff3c4538b29d432d8f44e2350d546faaa5bccab4197ec04a1684d521a6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-version: v5.101
x-request-id: 61583a5d-260b-481b-b39f-cd145ef6675d
content-encoding: gzip
etag: W/"35af-FvBYJsFPMBJzDp0Kca39aGrS8AY"
age: 14569
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-ams21065-AMS, cache-ams21065-AMS, cache-yul1970040-YUL
x-cache-hits: 0, 78, 0
vary: Accept-Version, Cookie, Accept-Encoding
cache-control: public, max-age=0
x-timer: S1732101969.359172,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4408
server: openresty

GET
H2 200 / Show response
dark-web-informer.ghost.io/ghost/api/content/tiers/ 3 KB
1 KB 100ms
99ms Fetch
application/json 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/tiers/?key=0820bc7140f1158c924ef135e9&limit=all&include=monthly_price,yearly_price,benefits
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: c195b007f76fe12aa8f3b337d7242f13b40f7dd9c6d8958ad9c09004f68cb69f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-version: v5.101
x-request-id: 4b7f9a3c-bbbb-4b73-bfd3-028b74df3fd1
content-encoding: gzip
etag: W/"bbe-suvAsHDK1LmhFfAx/HnOeCCaseE"
age: 14569
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-ams2100084-AMS, cache-ams2100084-AMS, cache-yul1970040-YUL
x-cache-hits: 0, 74, 0
vary: Accept-Version, Cookie, Accept-Encoding
cache-control: public, max-age=0
x-timer: S1732101969.357457,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1092
server: openresty

GET
H2 200 / Show response
dark-web-informer.ghost.io/ghost/api/content/newsletters/ 480 B
659 B 102ms
102ms Fetch
application/json 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/newsletters/?key=0820bc7140f1158c924ef135e9&limit=all
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.46/umd/portal.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 020095ee03c005f5ee0fdb95df20132588b0f72d5eea8ac13a99bb1c98f2e60b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-version: v5.101
x-request-id: 2b5a172f-070e-4b0a-bec5-7d2def5886ee
content-encoding: gzip
etag: W/"1e0-O+VSvyQEYo1MLz/qifC9TlrZ57U"
age: 14569
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-ams2100122-AMS, cache-ams21023-AMS, cache-yul1970040-YUL
x-cache-hits: 0, 119, 0
vary: Accept-Version, Cookie, Accept-Encoding
cache-control: public, max-age=0
x-timer: S1732101969.359388,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 350
server: openresty

OPTIONS
H2 204 /
dark-web-informer.ghost.io/ghost/api/content/settings/ Frame 0
0 304ms
100ms Preflight 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/settings/?key=0820bc7140f1158c924ef135e9&limit=all
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://darkwebinformer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
age: 14522
alt-svc: clear
cache-control: public, max-age=0
content-version: v5.101
date: Wed, 20 Nov 2024 11:26:09 GMT
ghost-fastly: true
server: openresty
status: 204 No Content
vary: Accept-Version, Access-Control-Request-Headers, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 63, 0
x-request-id: 92ad4216-f283-491b-9613-5ff4249ca467
x-served-by: cache-ams21022-AMS, cache-ams21022-AMS, cache-yul1970040-YUL
x-timer: S1732101969.257734,VS0,VE82

OPTIONS
H2 204 /
dark-web-informer.ghost.io/ghost/api/content/tiers/ Frame 0
0 300ms
98ms Preflight 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/tiers/?key=0820bc7140f1158c924ef135e9&limit=all&include=monthly_price,yearly_price,benefits
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://darkwebinformer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
age: 14522
alt-svc: clear
cache-control: public, max-age=0
content-version: v5.101
date: Wed, 20 Nov 2024 11:26:09 GMT
ghost-fastly: true
server: openresty
status: 204 No Content
vary: Accept-Version, Access-Control-Request-Headers, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 63, 0
x-request-id: 948ec554-80a7-46c7-9a8b-6c4f4f935fae
x-served-by: cache-ams2100097-AMS, cache-ams2100097-AMS, cache-yul1970040-YUL
x-timer: S1732101969.257788,VS0,VE81

OPTIONS
H2 204 /
dark-web-informer.ghost.io/ghost/api/content/newsletters/ Frame 0
0 303ms
101ms Preflight 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://dark-web-informer.ghost.io/ghost/api/content/newsletters/?key=0820bc7140f1158c924ef135e9&limit=all
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://darkwebinformer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
age: 14522
alt-svc: clear
cache-control: public, max-age=0
content-version: v5.101
date: Wed, 20 Nov 2024 11:26:09 GMT
ghost-fastly: true
server: openresty
status: 204 No Content
vary: Accept-Version, Access-Control-Request-Headers, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, MISS
x-cache-hits: 0, 63, 0
x-request-id: 3db742e2-f7f0-4d8e-9a49-ab410f02b4ea
x-served-by: cache-ams21026-AMS, cache-ams21026-AMS, cache-yul1970040-YUL
x-timer: S1732101969.257748,VS0,VE82

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 131ms
55ms XHR
application/json 142.251.163.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241118&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f154.1e100.net

Software

cafe /

Resource Hash

b3755c29404b23c40c20a6fbebf59976678ed1f31064d600528031062fe9a531

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13039
date: Wed, 20 Nov 2024 11:26:09 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 7458211-1.png
darkwebinformer.com/content/images/size/w256h256/2024/07/ 167 KB
168 KB 106ms
106ms Other
image/png 2a04:4e42:200::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://darkwebinformer.com/content/images/size/w256h256/2024/07/7458211-1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: c5de53f058e28bfb87642fb245c249218e58843b2d9c9356051cb2248911a2dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

x-request-id: b36e5d6e-489f-45e4-a7f8-26d6cbf910ce
etag: W/"29cd3-19089be3ef8"
age: 14592
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, MISS
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: image/png
last-modified: Sat, 06 Jul 2024 20:31:04 GMT
x-cache-hits: 0, 67, 0
x-served-by: cache-ams21056-AMS, cache-ams21056-AMS, cache-yul1970063-YUL
cache-control: public, max-age=31536000
x-timer: S1732101969.182786,VS0,VE82
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 171219
server: openresty

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 225ms
44ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Wed, 20 Nov 2024 11:26:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 11:26:09 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame DF4B 0
0 91ms
30ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2657
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Nov 2024 10:41:52 GMT
expires: Wed, 20 Nov 2024 11:31:52 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame CA6E 0
0 244ms
46ms Document
text/html 172.253.115.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f147.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-w5sYBdJ9107aSMmt6HOS-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-w5sYBdJ9107aSMmt6HOS-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Nov 2024 11:26:09 GMT
expires: Wed, 20 Nov 2024 11:26:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
ep1.adtrafficquality.google/pagead/ 0
0

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 1847 0
0 89ms
32ms Document
text/html 18.160.41.30

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.30 -, , ASN (),

Reverse DNS

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://darkwebinformer.com/poc-cve-2024-45519-zimbra-postjournal-exploit/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3131
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 20 Nov 2024 10:34:03 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 15 Nov 2024 21:14:25 GMT
origin-agent-cluster: ?1
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 511745193044dd821565d8b363201e08.cloudfront.net (CloudFront)
x-amz-cf-id: _nIdpidpMKGVShEDgh7Fqsenf9d-qauKmYnHb_dKWsKXPUM0Bg5hcg==
x-amz-cf-pop: IAD55-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241118&jk=1758341077109056&bg=!5eal5qnNAAY7_TBtG_07ADQBe5WfOMIVxxcvBtX5u6BbPvNu2NDIJ1vo7Ut3WXr9aajgdlcZpDQONRQ3m2waFMoz9H9tAgAAAONSAAAAA2gBB34ANiNEY8JpfTpzlsXrqviIzfcfeQNiV1aCxvITBJSF-SIzB6V5O5ZJlQvABTGsF5diF354icPT55kCmFlLMxvNzmW7a3kMNuts2FJlCuKdH1Zex5Gcvp6_Qkaz5F_3BChdXjY158B1oFN-7ld8m6Ec8NUZyTH8LlAPGWAOtRKURTYWkpkRB3Y7sIqXw_7obI-dh7q5xoLZLpd3B3piFdGnR0AiywAZhQqikjNQ9LMTirnjOhdb5C5NtduLNxqkctIAqRgQYPNliz0Gr6Q4JMhEqMS67R8JpSa0x41P0ztnwmYL8ThAipzi-GJqtVir8MxUT9RtPrCYwGEU857EgkLSHuB_Ju9zPddDy-t2ibeG84SofKqf54xKljYQ4jUqSCxYD2m6HJxCHInudVIskCstwy8I8kazBWexa8wC01HoVwJJeIsXP6BvWXatPdsn7XuQDgUDtK8WYB_rm_j7lh_K7a3mAGoxsP4-kHyGpBvCKnhfXVux8TIv3ZgsZm-UgSFzBWNEX7jW3OJ0B994wEtgrsYs-32vNx-gY_4rLQnK_8M8oicOsWksU7ufWPqDNcZiPH-bn2csBHdgNsKqzE4zXtfJqbVlPgNDjXYMvSxVnYhHsik9u0eLbQw5brm7KHWc3uFAxA4RlCGZ2bAOPteBkEmP1TJoYIwT0J-rMH8gSNBBWt-wpSPlKcAb9nurnZVm49XYqiv_yYc21EzrP-_K8kmJOMrXdiaDvD7a75VGwG9HC_VY6Knbc5igOOx_5yauseBW5FjCTphgy0p_nA9Gz-OV_NL2QF4pW7dtzFryby37_pxL9jscxGof7ysPpDCYs9xIaY8ugza_1YorfeahTHXC5J1qzMbsVYisu4awjf7TVRegKAn6nmZf0Nkq-97Bg6PULWqS2OzKtb-LCVnMJ2m4qPCjY0D8dFE1buLXGJeHyWhQLgLLHN60APUDz3YQVLs

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 10:44:21	Name: muc Value: 0a15b083-9d0d-4600-8d12-0376ff89a3e6
.t.co/	1970-01-21 10:44:21	Name: muc_ads Value: 0a15b083-9d0d-4600-8d12-0376ff89a3e6
.t.co/	1970-01-21 01:08:23	Name: __cf_bm Value: yo_lC8LF4dgDgNUk2k52BA.4zrIkSaWLv8bbEdq3LE4-1732101966-1.0.1.1-GUSO2sZPPFkKRrVWh2orU0EDmTz9wyKu3IKaBONdRmGiiIE7fFlPPcazI6OUIiTPJG77UzLru5OyB0B8FiipUw
.darkwebinformer.com/	1970-01-21 10:44:21	Name: _ga_M7VMJ5P1QP Value: GS1.1.1732101968.1.0.1732101968.0.0.0
.darkwebinformer.com/	1970-01-21 10:44:21	Name: _ga Value: GA1.1.1615380691.1732101969
.doubleclick.net/	1970-01-21 01:08:22	Name: test_cookie Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
dark-web-informer.ghost.io
darkwebinformer.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
googleads.g.doubleclick.net
js.stripe.com
pagead2.googlesyndication.com
plausible.io
t.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
ep1.adtrafficquality.google
142.251.163.154
162.159.140.229
172.253.115.147
172.253.115.156
18.160.41.30
18.160.41.31
2607:f8b0:4004:c06::84
2607:f8b0:4004:c07::61
2607:f8b0:4004:c21::8b
2a04:4e42:200::775
2a04:4e42:600::485
2a04:4e42:600::775
37.19.207.34
64.233.180.157
00e54978e8b1cdbcaf05e1fc4dbef55f835f06127f497ff97434d9629a0035a4
020095ee03c005f5ee0fdb95df20132588b0f72d5eea8ac13a99bb1c98f2e60b
0729bfe52c76c10d20099e6ceff036ec74740b810136b6876c4737fb43ea58ff
0b756e4d9d3d7231e55bd90e6a184bdcff9dad038863a2a165c0745f39d01ac0
16cadc05a06830fc591a68565d9aaf3cd7e10657743a05f74f290cbc278de727
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2f329a63cd59b8f191968c9e0f96e385e53319be7503b20a5e69a44db26e4967
3b5264d99db72e6e95479a41be7209f203eb24a7a4737206e5270d8df5c56298
408eae2e77f4c4fd2c59f449c7b5e49f2e65a3a40b905defe8f18b3dbf51f621
43f9b4267de5395bd877b4577a724988018011f9366d18f659c5fe3063a981bc
4b831ff3c4538b29d432d8f44e2350d546faaa5bccab4197ec04a1684d521a6d
5457a83229acb39e1625c8e08964a52c5fbd5e604182ca19416cabc2ebb41169
7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b
7cfbbfc95237772560764b0bf0279185321400d89594d2d812f1aa20588fda44
840317d0cacf3289baf625b70dac95ddff34c9aad42fef66a28456cea9f8b422
895504da7dfe0d1c1d9e43e0d5c3cd07a8b87d8527c73f53e3851a565f55fa3d
8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0
9bbb29383e6b6b083e0d43954969879f85ccb598ba9d3e5e8f401ea0f5a311c1
b1c21972dd6cc69dcad428bbe0a7111d163bc2f8102fc74505f0ad5ed377eb08
b3755c29404b23c40c20a6fbebf59976678ed1f31064d600528031062fe9a531
bea8b0f38811ab16c5abcd35077aa8469341bc907f77fc072377b67775505772
c195b007f76fe12aa8f3b337d7242f13b40f7dd9c6d8958ad9c09004f68cb69f
c5de53f058e28bfb87642fb245c249218e58843b2d9c9356051cb2248911a2dc
cfc250d26f35da469a53aaac5d6cc0dc36cce981c0228f6d93b101bdffbbea17
dbfe9b021eb47cc7899ef34e5d48983563b0fff331e9740bacdc614e21ffd1f2
f41771c2c8bab4e0ec25a5e0fa9b3aa0852dee29abb167cfe1517cf9655ccb9f
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

darkwebinformer.com Open in urlscan Pro 2a04:4e42:200::775 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

39 Requests

97 %HTTPS

43 %IPv6

12 Domains

13 Subdomains

15 IPs

2 Countries

2422 kBTransfer

6035 kBSize

6 Cookies

27 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

darkwebinformer.com Open in urlscan Pro
2a04:4e42:200::775 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

97 %
HTTPS

43 %
IPv6

12
Domains

13
Subdomains

15
IPs

2
Countries

2422 kB
Transfer

6035 kB
Size

6
Cookies

39 HTTP transactions
0 data transactions