marcoramilli.com Open in urlscan Pro
192.0.78.227 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Submission: On March 13 via api (March 13th 2024, 9:36:26 am UTC) from SA — Scanned from DE

Summary HTTP 45 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 6 domains to perform 45 HTTP transactions. The main IP is 192.0.78.227, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is marcoramilli.com.
TLS certificate: Issued by R3 on February 13th 2024. Valid for: 3 months.

This is the only time marcoramilli.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	192.0.78.227 192.0.78.227	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
3	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
7	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
5	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	52.30.212.147 52.30.212.147	16509 (AMAZON-02) (AMAZON-02)
1	54.76.197.238 54.76.197.238	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:205... 2600:9000:2057:d400:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.0.78.22 192.0.78.22	2635 (AUTOMATTIC) (AUTOMATTIC)
1	50.112.21.45 50.112.21.45	16509 (AMAZON-02) (AMAZON-02)
45	12

17 192.0.78.227 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

marcoramilli.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

cdn.hu-manity.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.0.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.212.147 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-212-147.eu-west-1.compute.amazonaws.com

transactional-api.hu-manity.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.197.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-197-238.eu-west-1.compute.amazonaws.com

designer-api.hu-manity.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:d400:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.22 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.112.21.45 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-50-112-21-45.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	marcoramilli.com marcoramilli.com	366 KB
15	wp.com i0.wp.com — Cisco Umbrella Rank: 3604 s0.wp.com — Cisco Umbrella Rank: 8289 stats.wp.com — Cisco Umbrella Rank: 2760 pixel.wp.com — Cisco Umbrella Rank: 2744 widgets.wp.com — Cisco Umbrella Rank: 11543	594 KB
5	hu-manity.co cdn.hu-manity.co — Cisco Umbrella Rank: 66636 transactional-api.hu-manity.co — Cisco Umbrella Rank: 71762 designer-api.hu-manity.co — Cisco Umbrella Rank: 66599	90 KB
4	stripe.com js.stripe.com — Cisco Umbrella Rank: 1155 m.stripe.com — Cisco Umbrella Rank: 1134	170 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1243	16 KB
1	wordpress.com public-api.wordpress.com — Cisco Umbrella Rank: 9681	4 KB
45	6

	Domain	Requested by
17	marcoramilli.com	marcoramilli.com
7	i0.wp.com	marcoramilli.com
4	s0.wp.com	marcoramilli.com widgets.wp.com public-api.wordpress.com
3	js.stripe.com	marcoramilli.com js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	pixel.wp.com	marcoramilli.com
2	transactional-api.hu-manity.co	cdn.hu-manity.co
2	cdn.hu-manity.co	marcoramilli.com cdn.hu-manity.co
1	m.stripe.com	m.stripe.network
1	public-api.wordpress.com	s0.wp.com
1	widgets.wp.com	marcoramilli.com
1	designer-api.hu-manity.co	cdn.hu-manity.co
1	stats.wp.com	marcoramilli.com
45	13

This site contains links to these domains. Also see Links.

Domain
marcoramilli154858538.wordpress.com
docs.microsoft.com
github.com
themeskingdom.com
twitter.com
it.linkedin.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2024-02-13` - `2024-05-13`	3 months	crt.sh
cdn.hu-manity.co R3	`2024-02-11` - `2024-05-11`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
transactional-api.hu-manity.co Amazon RSA 2048 M02	`2023-04-18` - `2024-05-17`	a year	crt.sh
designer-api.hu-manity.co Amazon RSA 2048 M01	`2023-04-18` - `2024-05-17`	a year	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2024-05-23`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Frame ID: 7164F143BF22DE3FF04EEBADB7A95D10
Requests: 35 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20240313
Frame ID: 3106432A7EE883F1BC54CE44E346B675
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: B7C8B0F48236DEE47BD3C278F7F7BB86
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: A6AA8F6103E44D7A382FC82083606582
Requests: 3 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: A3B79303E84F6ECDE7181AC8CEF3B44C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Running Shellcode Through Windows Callbacks

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

45
Requests

98 %
HTTPS

18 %
IPv6

6
Domains

13
Subdomains

12
IPs

3
Countries

1247 kB
Transfer

3098 kB
Size

3
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://marcoramilli154858538.wordpress.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/api/windef/ns-windef-rect
Title: RECT

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nc-winuser-monitorenumproc
Title: MonitorEnumProc

Search URL Search Domain Scan URL

URL: https://github.com/aahmad097/AlternativeShellcodeExec
Title: repo

Search URL Search Domain Scan URL

URL: http://themeskingdom.com/
Title: Themes Kingdom

Search URL Search Domain Scan URL

URL: https://twitter.com/marco_ramilli

Search URL Search Domain Scan URL

URL: https://it.linkedin.com/in/marcoramilli

Search URL Search Domain Scan URL

URL: https://github.com/marcoramilli

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/ 91 KB
21 KB 678ms
604ms Document
text/html 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

638b7f9ded97c4fcaaa0daa17308e432d501a002e486277dc2dcc4f890edd2a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 13 Mar 2024 09:36:20 GMT
host-header: WordPress.com
link: <https://marcoramilli.com/wp-json/>; rel="https://api.w.org/" <https://marcoramilli.com/wp-json/wp/v2/posts/11011>; rel="alternate"; type="application/json" <https://wp.me/pawnvU-2RB>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _atomic_ams BYPASS
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-pingback: https://marcoramilli.com/xmlrpc.php

GET
H2 200 hu-banner.min.js Show response
cdn.hu-manity.co/ 101 KB
32 KB 125ms
28ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hu-manity.co/hu-banner.min.js
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 73bbd40acb5181ac8b22bb37e19cdb362f90920a368abef22f56023d97c6b973

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
content-encoding: gzip
last-modified: Fri, 01 Mar 2024 12:32:09 GMT
server: keycdn
x-amz-request-id: TK55BHTH4AT7PQCW
x-edge-location: defr
etag: W/"422d12622a0359904d4584fd490dcfbd"
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
link: <http://ert-banner.s3-website-eu-west-1.amazonaws.com/hu-banner.min.js>; rel="canonical"
x-shield: active
x-amz-id-2: dcxkJlZJUwDfNUD4r20F2oJv/0YdSeGiA/QryRsRHLRziUf274HKEru1nksqCJkZ6C0lCnK8y04=
expires: Wed, 20 Mar 2024 09:36:20 GMT

GET
H2 200 /
marcoramilli.com/_jb_static/ 863 KB
128 KB 641ms
639ms Stylesheet
text/css 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/_jb_static/??-eJydUkluwzAM/E1PVVQXaXMKeinQB/QBhSwRNmNaFEQZiX9f2VnguHAS9MaRZkZDivugLPsEPulAXYVe9A5SMLbRLbuOQHQEMgmcCixphlZW5Hn/16LqMiwhVrrskJwuiW2jCMtoYq8l9QRLUjI9d0lVEd01Eb2lzuU8O9EtODRA0A7KKQhZDlERVMb2qxb9XXW+m+KpZh7N8tiHaIeSjuHU+UwV/1LBIXMF2S+O8qbceGxNyvJl9YjH88g0NTn+SW49cXz0Hy23gX1myO1PvIS+jP0TAngH3mIGX/xpnOv19+AhJ+9hrSQtOc6XkrCBOyEITNOrYPq9IdI6szSKdNCqq5u5PNV5EURDxAX/CUHZeoi+uKepRtuUfLgUj7YntYngxiENJfrqnvInv6uFLRpSxBXLFbi11meHYUCneqB+tNtiU7y8vm/Wb+snW26LX4qfmTg=

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

37ab93bf4319d2fb396a6f8cfa2c1058ee66ecaec922eb2fabbf3d6eb906c568

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Mar 2024 18:17:34 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"4d6b4066fb2568cff624068dce76d504"
vary: Accept-Encoding, Cookie
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 dashicons.min.css
marcoramilli.com/wp-includes/css/ 58 KB
35 KB 169ms
166ms Stylesheet
text/css 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-includes/css/dashicons.min.css?ver=6.4.3

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"603ffca6-e688"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 stylesheet.css
marcoramilli.com/wp-content/themes/eris-child/assets/fonts/Sk-Modernist/ 0
0 572ms
570ms Stylesheet
text/html 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-content/themes/eris-child/assets/fonts/Sk-Modernist/stylesheet.css?ver=1.0.0.1559223638

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
x-ac: 2.hhn _atomic_ams BYPASS
server: nginx
vary: Accept-Encoding, Cookie
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
host-header: WordPress.com
link: <https://marcoramilli.com/wp-json/>; rel="https://api.w.org/"
alt-svc: h3=":443"; ma=86400
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 related-posts.min.js Show response
marcoramilli.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 167ms
165ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?m=1687202188

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
marcoramilli.com/wp-includes/js/jquery/ 86 KB
31 KB 167ms
166ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
marcoramilli.com/wp-includes/js/jquery/ 13 KB
5 KB 164ms
163ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-includes/js/jquery/jquery-migrate.min.js?m=1686289764

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6482bd64-3509"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 605 KB
168 KB 116ms
27ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/?ver=4.21.2

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

4562ab90ec43ccae0cc2070788894ecfa6823800f3634cd2d2e400dbba6d0a27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Wed, 13 Mar 2024 09:36:20 GMT
via: 1.1 varnish
age: 58
x-cache: HIT
content-length: 171322
x-request-id: c0ca56b6-1908-4c58-899c-2c44e2cef084
x-served-by: cache-fra-eddf8230126-FRA
last-modified: Tue, 12 Mar 2024 20:44:13 GMT
server: Fastly
etag: "350a4c7358c8ba0e7e8a4f2a9733976b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 69

GET
H2 200 /
marcoramilli.com/ 3 KB
1 KB 552ms
550ms Stylesheet
text/css 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/?custom-css=56d4b25600

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

79c8d643600bdc51146560b8e2108debf7a401aaf322cb46ff4888774f087ae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
x-ac: 2.hhn _atomic_ams BYPASS
server: nginx
vary: Accept-Encoding, Cookie
content-type: text/css;charset=utf-8
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
expires: Thu, 13 Mar 2025 09:36:21 GMT

GET
H2 200 dmpu1ofwaaa77eb.jpg
i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/ 10 KB
10 KB 95ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/dmpu1ofwaaa77eb.jpg?fit=600%2C600&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

99974ebe1d055ebcadff1914603a7ed23f646b7dd94461e0f01fb37e33ae8ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:20 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 9986
x-nc: HIT hhn 2
last-modified: Fri, 29 Apr 2022 09:08:19 GMT
server: nginx
etag: "f824657a50b102e9"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2019/01/dmpu1ofwaaa77eb.jpg>; rel="canonical"
expires: Sun, 28 Apr 2024 21:08:19 GMT

GET
H3 200 logo-.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/ 260 B
634 B 31ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/logo-.png?fit=43%2C32&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8fd0274f33aba667e15fb867f4027526a5f3c82b6d754d58b0dbaf4218a1dca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 260
x-nc: HIT hhn 1
last-modified: Sat, 11 Jun 2022 17:24:47 GMT
server: nginx
etag: "1a796aa8b13c9f87"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2019/01/logo-.png>; rel="canonical"
expires: Tue, 11 Jun 2024 05:24:47 GMT

GET
H2 200 award-icon-06.png
marcoramilli.com/wp-content/uploads/2019/08/ 54 KB
55 KB 556ms
555ms Image
image/png 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://marcoramilli.com/wp-content/uploads/2019/08/award-icon-06.png

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7191824148eeadc748866a687e205dbfae408fbd4f6c715ccf0b1f1499faac5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Mon, 19 Aug 2019 10:35:58 GMT
server: nginx
etag: "5d5a7b8e-d9b4"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 55732
expires: Wed, 20 Mar 2024 09:36:20 GMT

GET
H2 200 callback_asm1.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2022/06/ 317 KB
318 KB 348ms
280ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2022/06/callback_asm1.png?resize=1024%2C692&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f0830f89ab373b6254ebfea10ef79abb0ad0a5b0592837037418f54efd939656

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 324942
x-nc: MISS hhn 4
last-modified: Wed, 13 Mar 2024 09:36:21 GMT
server: nginx
etag: "d5433e245a3b413b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2022/06/callback_asm1.png>; rel="canonical"
expires: Fri, 13 Mar 2026 21:36:21 GMT

GET
H2 200 WindowsExec_RunShellCode.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2022/06/ 230 KB
230 KB 275ms
275ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2022/06/WindowsExec_RunShellCode.png?resize=1024%2C487&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ba594411f1a6e18c149e85d4a0e6aeaa4b2bdd8229aacdb623ccfc8fbf24d2e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 235332
x-nc: MISS hhn 4
last-modified: Wed, 13 Mar 2024 09:36:21 GMT
server: nginx
etag: "d5fce88c5b795107"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2022/06/WindowsExec_RunShellCode.png>; rel="canonical"
expires: Fri, 13 Mar 2026 21:36:21 GMT

GET
H3 200 tw-.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/ 172 B
545 B 28ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/tw-.png?w=1100&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

237876322ebfd7d79782d972b8f734f8ffb31367972e1c9ff682f6d2b0d16987

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 172
x-nc: HIT hhn 3
last-modified: Sat, 05 Nov 2022 22:49:14 GMT
server: nginx
etag: "4c27b646c1a5917e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2019/01/tw-.png>; rel="canonical"
expires: Tue, 05 Nov 2024 10:49:14 GMT

GET
H3 200 lnk-.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/ 142 B
516 B 32ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/lnk-.png?w=1100&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

43b29ccb89bd53bdfb5611991e2725262a7889e0c67a88d5bb0ea33e7586658f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 142
x-nc: HIT hhn 3
last-modified: Sat, 05 Nov 2022 22:49:14 GMT
server: nginx
etag: "e5ee542212fbe233"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2019/01/lnk-.png>; rel="canonical"
expires: Tue, 05 Nov 2024 10:49:14 GMT

GET
H3 200 gg-.png
i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/ 192 B
565 B 32ms
32ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/marcoramilli.com/wp-content/uploads/2019/01/gg-.png?w=1100&ssl=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c79b7b90b707dfe7f305cf302f41b979637677aa3e7ca543570c524d6f665224

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 192
x-nc: HIT hhn 3
last-modified: Sat, 05 Nov 2022 22:49:14 GMT
server: nginx
etag: "7139dc08f881737b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://marcoramilli.com/wp-content/uploads/2019/01/gg-.png>; rel="canonical"
expires: Tue, 05 Nov 2024 10:49:14 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 89ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202411
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 13 Mar 2024 09:36:21 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
last-modified: Wed, 15 Nov 2023 17:05:24 GMT
server: nginx
etag: W/"6554fa54-161b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 11 Mar 2025 00:00:01 GMT

GET
H3 200 /
marcoramilli.com/_jb_static/ 32 KB
7 KB 511ms
511ms Stylesheet
text/css 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/_jb_static/??-eJyVjFsKgCAQAG/TV7YYZP5IZ6l1CcsXreL1I6gD9DvDTMsCUywUC2RfdxcZDip5xRNCstUTA65XqkweuLlMl9hqtJ4GZO7bj/oV4gPPYAlGqnmUk9ZKd7gZeQPXWDWJ

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d4a96fc2c46cebec9d17c4e4864e8c407cbaf62ab9d8bdd05ea097dbef6285b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 27 Dec 2022 16:34:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"3a0c4ed1f018394cb646c865bb93cbe0"
vary: Accept-Encoding, Cookie
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
marcoramilli.com/_jb_static/ 158 KB
43 KB 435ms
435ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/_jb_static/??-eJyVktFOwzAMRf+GJ7JQIQ3xMPEpyE3czW0Sh9hdV76eboUxoJPGS5RE51xbToZsHCfFpDaHfktJbIuawXWmZhb9Or3uMXkuFnrlCKrkzhxF2KJxPllPk3A+rlq5H/7GO64Du05muv2+MJAmV4lvNueexCql0chAGcu/ix7dWTWUSAkCvV+NCQjdaDKMA4RwjInkCkf2EFaRrvX9x/pxYfZTSQ+Kt9riCmX9ResOI4rFQmJBBFWOaII9bZdGuoxLR9kESp1p2PViGjp8epRc6D2eKN2R62o+nDe3ZYcJnteFzPatxzLaniw2DTq9mOYldvpbEhg8+itIBOFUxoXnWO7LcYyn8bzETfVUPVTr9frx+c7Vm+oDoK8uWQ==

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3cde33785b085e367cf68600669ae3ad6d04c514b53cef05b7ffe34b3e41a72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 11 Mar 2024 14:17:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"b97cff8d1737bd7837e2323e88329620"
vary: Accept-Encoding, Cookie
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 e-202411.js Show response
stats.wp.com/ 7 KB
3 KB 90ms
28ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202411.js
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Wed, 13 Mar 2024 09:36:21 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14377-1704402356565.5398
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Mon, 10 Mar 2025 09:07:41 GMT

GET
H3 200 / Show response
marcoramilli.com/_jb_static/ 31 KB
10 KB 234ms
233ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/_jb_static/??-eJyNjDEOgzAMAH/DVDCRkNIMqE9BwVitgzGBxOL7Xcre9U53V25x10paIYu9WQskqjniChMrwmwsC2A8dyskt2tv0G2sXSqP66+N8EoFDiOjT9RF6Pz1r210vn8G73wYGpxH9wVlHTfQ

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d7ac19caabe2e720977d0fd68a420ad70957f78e76822d6c41f41a205b0eb7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 26 Feb 2024 18:23:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"1e477144310017fe77909b95acf6dac8"
vary: Accept-Encoding, Cookie
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H3 200 sharing.min.js Show response
marcoramilli.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/ 9 KB
3 KB 167ms
167ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=13.3-a.1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"64078d1e-2259"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

OPTIONS
H2 200 save
transactional-api.hu-manity.co/api/transactional/session/ Frame 0
0 158ms
50ms Preflight 52.30.212.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://transactional-api.hu-manity.co/api/transactional/session/save
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.212.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-212-147.eu-west-1.compute.amazonaws.com
Software: nginx / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://marcoramilli.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,HEAD,PUT,OPTIONS,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=86400
date: Wed, 13 Mar 2024 09:36:21 GMT
server: nginx
x-powered-by: Express
x-request-id: ddc9bb43-5c66-4de4-960f-e81edd2592b6

POST
H2 200 save Show response
transactional-api.hu-manity.co/api/transactional/session/ 24 B
246 B 49ms
49ms Fetch
application/json 52.30.212.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://transactional-api.hu-manity.co/api/transactional/session/save
Requested by: Host: cdn.hu-manity.co
URL: https://cdn.hu-manity.co/hu-banner.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.212.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-212-147.eu-west-1.compute.amazonaws.com
Software: nginx / Express
Resource Hash: dd2b12be6e4c26f9b973672b032449f2a58796f070623cf81847bddc3ad7440d

Request headers

Referer: https://marcoramilli.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-api-key: hudft60djisdusdjwek
Content-Type: application/json; charset=utf-8

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
server: nginx
etag: W/"18-kY5NG7Jko01iudgM8PE11CGu07g"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 24
x-request-id: 1f45516e-7bc2-4d9e-998d-ba9e43b4f877

GET
H2 200 user-design-live Show response
designer-api.hu-manity.co/api/designer/ 51 KB
11 KB 201ms
92ms Fetch
application/json 54.76.197.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://designer-api.hu-manity.co/api/designer/user-design-live?AppID=marcoramillicom-5372f7d
Requested by: Host: cdn.hu-manity.co
URL: https://cdn.hu-manity.co/hu-banner.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.197.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-197-238.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.0 / Express
Resource Hash: 4cd3be7b77b1ebd0b498cbe03439987e1dc5266331d828a87443ee5011126cb6

Request headers

Referer: https://marcoramilli.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
content-encoding: gzip
server: nginx/1.22.0
x-powered-by: Express
etag: W/"cbe5-NXgka6aHLX+JgOGkhXQqBc8eds4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-request-id: 7814b216-6f28-463b-9e8f-16587433d497

GET
BLOB 200
OK 7a2d651a-2b5b-43e7-ab3b-5c9e79ca1446
https://marcoramilli.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://marcoramilli.com/7a2d651a-2b5b-43e7-ab3b-5c9e79ca1446
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H3 200 icomoon.ttf
marcoramilli.com/wp-content/themes/eris/assets/fonts/icons/ 2 KB
2 KB 164ms
164ms Font
application/font-ttf 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-content/themes/eris/assets/fonts/icons/icomoon.ttf?optfz5

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/_jb_static/??-eJydUkluwzAM/E1PVVQXaXMKeinQB/QBhSwRNmNaFEQZiX9f2VnguHAS9MaRZkZDivugLPsEPulAXYVe9A5SMLbRLbuOQHQEMgmcCixphlZW5Hn/16LqMiwhVrrskJwuiW2jCMtoYq8l9QRLUjI9d0lVEd01Eb2lzuU8O9EtODRA0A7KKQhZDlERVMb2qxb9XXW+m+KpZh7N8tiHaIeSjuHU+UwV/1LBIXMF2S+O8qbceGxNyvJl9YjH88g0NTn+SW49cXz0Hy23gX1myO1PvIS+jP0TAngH3mIGX/xpnOv19+AhJ+9hrSQtOc6XkrCBOyEITNOrYPq9IdI6szSKdNCqq5u5PNV5EURDxAX/CUHZeoi+uKepRtuUfLgUj7YntYngxiENJfrqnvInv6uFLRpSxBXLFbi11meHYUCneqB+tNtiU7y8vm/Wb+snW26LX4qfmTg=

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9fbf740e3689bebf7e94f60929d785392157c6b7ba4b1563fe1f94d7d51d245e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://marcoramilli.com/_jb_static/??-eJydUkluwzAM/E1PVVQXaXMKeinQB/QBhSwRNmNaFEQZiX9f2VnguHAS9MaRZkZDivugLPsEPulAXYVe9A5SMLbRLbuOQHQEMgmcCixphlZW5Hn/16LqMiwhVrrskJwuiW2jCMtoYq8l9QRLUjI9d0lVEd01Eb2lzuU8O9EtODRA0A7KKQhZDlERVMb2qxb9XXW+m+KpZh7N8tiHaIeSjuHU+UwV/1LBIXMF2S+O8qbceGxNyvJl9YjH88g0NTn+SW49cXz0Hy23gX1myO1PvIS+jP0TAngH3mIGX/xpnOv19+AhJ+9hrSQtOc6XkrCBOyEITNOrYPq9IdI6szSKdNCqq5u5PNV5EURDxAX/CUHZeoi+uKepRtuUfLgUj7YntYngxiENJfrqnvInv6uFLRpSxBXLFbi11meHYUCneqB+tNtiU7y8vm/Wb+snW26LX4qfmTg=
Origin: https://marcoramilli.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:21 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 07 Sep 2016 21:44:18 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"57d08a32-964"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff

Request headers

Referer
Origin: https://marcoramilli.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 38ms
32ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=155480246&post=11011&tz=0&srv=marcoramilli.com&hp=atomic&ac=2&amp=0&j=1%3A13.3-a.1&host=marcoramilli.com&ref=&fcp=1631&rand=0.28900209075982497
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 13 Mar 2024 09:36:22 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 3106 3 KB
1 KB 37ms
31ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20240313
Requested by: Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9eb2af45588ece3c174778aa61354b3ac346db8af79d7a00083c89c3e67955bd

Request headers

Referer: https://marcoramilli.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html
date: Wed, 13 Mar 2024 09:36:22 GMT
etag: W/"65cdec02-b00"
last-modified: Thu, 15 Feb 2024 10:48:34 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dfw MISS
x-nc: HIT hhn 2

GET
H2 200 hu-display.min.js Show response
cdn.hu-manity.co/ 123 KB
46 KB 34ms
31ms Script
application/javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hu-manity.co/hu-display.min.js
Requested by: Host: cdn.hu-manity.co
URL: https://cdn.hu-manity.co/hu-banner.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 5c6b217c836fe0c5c025dd55090f37f4d8f9339d25880bf8206465c0bf65af33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:22 GMT
content-encoding: gzip
last-modified: Fri, 01 Mar 2024 12:32:10 GMT
server: keycdn
x-amz-request-id: TK50YYMJ2VGK8PSM
x-edge-location: defr
etag: W/"314a652426ddbfef1809cef3edda31bd"
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
link: <http://ert-banner.s3-website-eu-west-1.amazonaws.com/hu-display.min.js>; rel="canonical"
x-shield: active
x-amz-id-2: BxzIo/X5CClLNsiMfLQ/2xmSJ7jetpEECgE1EsSymSMwDdNFDOXnSoUy7UwzYMfb79PyEHrPE3E=
expires: Wed, 20 Mar 2024 09:36:22 GMT

GET
H3 200 wp-emoji-release.min.js Show response
marcoramilli.com/wp-includes/js/ 18 KB
5 KB 168ms
167ms Script
application/javascript 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:22 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"63db0985-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 / Show response
marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/ 3 KB
1 KB 822ms
820ms XHR
application/json 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/?relatedposts=1

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?m=1687202188

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3626cb28d76d4c1649423e372cdbfa23515a1bcf779524ccf303724b77d1d1ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Wed, 13 Mar 2024 09:36:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
vary: Accept-Encoding, Cookie
x-pingback: https://marcoramilli.com/xmlrpc.php
content-type: application/json; charset=utf-8
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame B7C8 200 B
840 B 33ms
33ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/?ver=4.21.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://marcoramilli.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3746302
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 13 Mar 2024 09:36:22 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 829715
x-content-type-options: nosniff
x-request-id: b64a1c1f-c649-44d7-b55c-e7d1831ef8dd
x-served-by: cache-fra-eddf8230126-FRA

GET
H3 200 loadingAnimation.gif
marcoramilli.com/wp-includes/js/thickbox/ 15 KB
15 KB 164ms
164ms Image
image/gif 192.0.78.227
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://marcoramilli.com/wp-includes/js/thickbox/loadingAnimation.gif

Requested by

Host: marcoramilli.com
URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.227 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:36:22 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams BYPASS
last-modified: Mon, 05 Nov 2012 21:00:15 GMT
server: nginx
etag: "509828df-3b86"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 15238
expires: Wed, 20 Mar 2024 09:36:22 GMT

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame B7C8 526 B
449 B 29ms
27ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Wed, 13 Mar 2024 09:36:22 GMT
via: 1.1 varnish
age: 3734211
x-cache: HIT
content-length: 315
x-request-id: 5c910c8e-2f6c-4d01-b0a0-addba2d438f4
x-served-by: cache-fra-eddf8230126-FRA
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 791120

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 3106 3 KB
1 KB 28ms
28ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20240313
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-minify-cache: hit
date: Wed, 13 Mar 2024 09:36:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 2
server: nginx
etag: W/7325-1684465206729.7068
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 3106 91 KB
23 KB 28ms
28ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20240209
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20240313
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c974898a4319cf567a20b7c8e5d07650ad3bdd2cb38665314a54d0efd666d474

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 13 Mar 2024 09:36:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
last-modified: Thu, 15 Feb 2024 10:48:42 GMT
server: nginx
etag: W/"65cdec0a-16dd1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 14 Feb 2025 10:49:07 GMT

GET
H2 200 inner.html Show response
m.stripe.network/ Frame A6AA 930 B
2 KB 139ms
38ms Document
text/html 2600:9000:2057:d400:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 268
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 13 Mar 2024 09:31:55 GMT
etag: "06bfcd88af438673a8bf9b845a11aa6e"
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-id: 3C5Qt9_uugIDWW5fLaaRGIoC272qD9BS4QDO0jGfOnrnno5LdHLlyw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame A3B7 9 KB
4 KB 191ms
122ms Document
text/html 192.0.78.22
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20240209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.22 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a0820389e879dc79a13559536915a4ce218472d44d63a79c5e7894cd7fae31b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 13 Mar 2024 09:36:22 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 1.hhn _dca BYPASS

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame A6AA 87 KB
14 KB 35ms
35ms Script
text/javascript 2600:9000:2057:d400:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 13 Mar 2024 09:34:16 GMT
content-encoding: br
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
age: 127
x-content-type-options: nosniff
etag: W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop: FRA6-C1
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: 92RMCBQ4JtXhLp8YbAdj_m68jR5JUiu3Zm3_lqitq2SkBqjzUX0H7A==

POST
H2 200 6 Show response
m.stripe.com/ Frame A6AA 156 B
668 B 597ms
198ms XHR
application/json 50.112.21.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.112.21.45 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-50-112-21-45.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

f0f22feafd91150e3f6a755f49bd1e2858431602aa62e853b7fade36b9a34852

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: blue
date: Wed, 13 Mar 2024 09:36:22 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1710322582780175
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 3
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1710322582779630
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H3 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame A3B7 3 KB
1 KB 27ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-minify-cache: hit
date: Wed, 13 Mar 2024 09:36:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 2
server: nginx
etag: W/7325-1684465206729.7068
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 204 boom.gif
pixel.wp.com/ 0
105 B 28ms
27ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0&largest_contentful_paint=2937&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=9800&host_name=marcoramilli.com&url_path=%2F2022%2F06%2F15%2Frunning-shellcode-through-windows-callbacks%2F&nt_fetchStart=0&nt_domainLookupStart=16&nt_domainLookupEnd=16&nt_connectStart=16&nt_connectEnd=74&nt_secureConnectionStart=43&nt_requestStart=74&nt_responseStart=678&nt_responseEnd=706&nt_domLoading=680&nt_domInteractive=1889&nt_domContentLoadedEventStart=1890&nt_domContentLoadedEventEnd=1893&nt_domComplete=2226&nt_loadEventStart=2227&nt_loadEventEnd=2227&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=1631&first_contentful_paint=1631&resource_size=2542190&resource_transferred=1077904&resource_cache_percent=0&js_size=934406&js_transferred=270903&js_cache_percent=0&blocking_size=1672571&blocking_transferred=379411&blocking_cache_percent=0&last_resource_end=2713
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marcoramilli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 13 Mar 2024 09:36:24 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.stripe.com/	1970-01-21 04:41:22	Name: m Value: 0416422b-4fbf-49aa-ae39-f58e30417eb4255eaf
.marcoramilli.com/	1970-01-21 03:50:58	Name: __stripe_mid Value: 2d947fe6-cb94-4d99-a1a3-14efe8d7ea92c5d14c
.marcoramilli.com/	1970-01-20 19:05:24	Name: __stripe_sid Value: f9ac519c-37f7-4908-9067-4ce7f45062827f80ba

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://marcoramilli.com/wp-content/themes/eris-child/assets/fonts/Sk-Modernist/stylesheet.css?ver=1.0.0.1559223638 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.hu-manity.co
designer-api.hu-manity.co
i0.wp.com
js.stripe.com
m.stripe.com
m.stripe.network
marcoramilli.com
pixel.wp.com
public-api.wordpress.com
s0.wp.com
stats.wp.com
transactional-api.hu-manity.co
widgets.wp.com
151.101.0.176
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.22
192.0.78.227
2600:9000:2057:d400:19:7d10:bd80:93a1
2a0b:4d07:102::1
50.112.21.45
52.30.212.147
54.76.197.238
1d7ac19caabe2e720977d0fd68a420ad70957f78e76822d6c41f41a205b0eb7c
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252
237876322ebfd7d79782d972b8f734f8ffb31367972e1c9ff682f6d2b0d16987
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3626cb28d76d4c1649423e372cdbfa23515a1bcf779524ccf303724b77d1d1ee
37ab93bf4319d2fb396a6f8cfa2c1058ee66ecaec922eb2fabbf3d6eb906c568
3cde33785b085e367cf68600669ae3ad6d04c514b53cef05b7ffe34b3e41a72d
43b29ccb89bd53bdfb5611991e2725262a7889e0c67a88d5bb0ea33e7586658f
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4562ab90ec43ccae0cc2070788894ecfa6823800f3634cd2d2e400dbba6d0a27
4cd3be7b77b1ebd0b498cbe03439987e1dc5266331d828a87443ee5011126cb6
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5c6b217c836fe0c5c025dd55090f37f4d8f9339d25880bf8206465c0bf65af33
638b7f9ded97c4fcaaa0daa17308e432d501a002e486277dc2dcc4f890edd2a9
6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
7191824148eeadc748866a687e205dbfae408fbd4f6c715ccf0b1f1499faac5f
73bbd40acb5181ac8b22bb37e19cdb362f90920a368abef22f56023d97c6b973
79c8d643600bdc51146560b8e2108debf7a401aaf322cb46ff4888774f087ae9
8fd0274f33aba667e15fb867f4027526a5f3c82b6d754d58b0dbaf4218a1dca8
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff
99974ebe1d055ebcadff1914603a7ed23f646b7dd94461e0f01fb37e33ae8ccb
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
9eb2af45588ece3c174778aa61354b3ac346db8af79d7a00083c89c3e67955bd
9fbf740e3689bebf7e94f60929d785392157c6b7ba4b1563fe1f94d7d51d245e
a0820389e879dc79a13559536915a4ce218472d44d63a79c5e7894cd7fae31b4
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
ba594411f1a6e18c149e85d4a0e6aeaa4b2bdd8229aacdb623ccfc8fbf24d2e8
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c79b7b90b707dfe7f305cf302f41b979637677aa3e7ca543570c524d6f665224
c974898a4319cf567a20b7c8e5d07650ad3bdd2cb38665314a54d0efd666d474
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d4a96fc2c46cebec9d17c4e4864e8c407cbaf62ab9d8bdd05ea097dbef6285b2
dd2b12be6e4c26f9b973672b032449f2a58796f070623cf81847bddc3ad7440d
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0830f89ab373b6254ebfea10ef79abb0ad0a5b0592837037418f54efd939656
f0f22feafd91150e3f6a755f49bd1e2858431602aa62e853b7fade36b9a34852
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

marcoramilli.com Open in urlscan Pro 192.0.78.227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

98 %HTTPS

18 %IPv6

6 Domains

13 Subdomains

12 IPs

3 Countries

1247 kBTransfer

3098 kBSize

3 Cookies

8 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

marcoramilli.com Open in urlscan Pro
192.0.78.227 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

98 %
HTTPS

18 %
IPv6

6
Domains

13
Subdomains

12
IPs

3
Countries

1247 kB
Transfer

3098 kB
Size

3
Cookies

45 HTTP transactions
1 data transactions