labs.nettitude.com Open in urlscan Pro
45.33.69.168 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/|
Effective URL:
https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Submission: On October 09 via api (October 9th 2019, 2:20:02 pm UTC) from US

Summary HTTP 71 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 71 HTTP transactions. The main IP is 45.33.69.168, located in Newark, United States and belongs to LINODE-AP Linode, LLC, US. The main domain is labs.nettitude.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 24th 2019. Valid for: 3 months.

This is the only time labs.nettitude.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	45.33.69.168 45.33.69.168	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY - Fastly)
8	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
11	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2 3	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER - Twitter Inc.)
71	13

38 45.33.69.168 (Newark, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: labs.nettitude.com

labs.nettitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

nettitude-labs.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.8 (United States) 2 redirects

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	nettitude.com labs.nettitude.com	386 KB
11	twimg.com cdn.syndication.twimg.com pbs.twimg.com abs.twimg.com ton.twimg.com	116 KB
11	twitter.com 2 redirects platform.twitter.com syndication.twitter.com	110 KB
4	gravatar.com secure.gravatar.com	8 KB
3	wp.com s0.wp.com stats.wp.com pixel.wp.com	6 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	disqus.com nettitude-labs.disqus.com	1 KB
1	gstatic.com fonts.gstatic.com	11 KB
1	google.com www.google.com
1	googleapis.com fonts.googleapis.com	448 B
71	10

	Domain	Requested by
38	labs.nettitude.com	labs.nettitude.com
8	platform.twitter.com	labs.nettitude.com platform.twitter.com
6	pbs.twimg.com	labs.nettitude.com platform.twitter.com
4	secure.gravatar.com	labs.nettitude.com
3	syndication.twitter.com	2 redirects labs.nettitude.com
2	ton.twimg.com	platform.twitter.com
2	abs.twimg.com	labs.nettitude.com platform.twitter.com
2	www.google-analytics.com	labs.nettitude.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	pixel.wp.com	labs.nettitude.com
1	nettitude-labs.disqus.com	labs.nettitude.com
1	fonts.gstatic.com	labs.nettitude.com
1	www.google.com	labs.nettitude.com
1	stats.wp.com	labs.nettitude.com
1	s0.wp.com	labs.nettitude.com
1	fonts.googleapis.com	labs.nettitude.com
71	16

This site contains links to these domains. Also see Links.

Domain
www.nettitude.com
twitter.com
www.youtube.com
github.com

Subject Issuer	Validity	Valid
labs.nettitude.com Let's Encrypt Authority X3	`2019-08-24` - `2019-11-22`	3 months	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
*.gravatar.com COMODO RSA Domain Validation Secure Server CA	`2018-09-06` - `2020-09-05`	2 years	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2018-11-19` - `2019-11-27`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Frame ID: DA001BD2F51E3A8187954BEBBDAE7696
Requests: 57 HTTP requests in this frame

Frame: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d725.7801545511153!2d-1.5370488293586466!3d52.27564027471216!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x487734a314a980a1%3A0xa3a645e6538630bd!2sNettitude!5e0!3m2!1sen!2suk!4v1467731668145
Frame ID: 6B750B0D96B9DB9E329A824AB36743DD
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.e3a0e1b01ae601b6c9cf798a93ab7e69.html?origin=https%3A%2F%2Flabs.nettitude.com
Frame ID: E6FDC7FE3050C77DFCB3CE113259ABE6
Requests: 1 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/1181929599736762368/hQBTrV-O?format=png&name=144x144_2
Frame ID: 984A6975D1238932A130B40330D55BDD
Requests: 14 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 2B0420B9399F90743BA1BF4F52ACE169
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 5490BCBBAEE3A612CB45044CF335C36D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

71
Requests

100 %
HTTPS

58 %
IPv6

10
Domains

16
Subdomains

13
IPs

3
Countries

657 kB
Transfer

1782 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nettitude.com/
Title: Nettitude.com

Search URL Search Domain Scan URL

URL: https://twitter.com/nettitude_labs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCrGjkGFt-hGgfUKZfuVO2vA
Title: Youtube

Search URL Search Domain Scan URL

URL: https://github.com/nettitude
Title: https://github.com/nettitude

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

Request Chain 73

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

71 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Cookie set %7C Show response
labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/ 54 KB
54 KB 655ms
402ms Document
text/html 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

labs.nettitude.com

Software

Apache /

Resource Hash

e82f9edde7fce8c003d5174af35fc4f4eeeb9f9ad9ede3d2b6585ccfffaec848

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Host: labs.nettitude.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Server: Apache
Set-Cookie: aIYJdjhE-QMo=Pvix03.gInGh; expires=Thu, 10-Oct-2019 14:19:39 GMT; Max-Age=86400; path=/ wfepEjgq_NkJW=%2At7sPyNROnL4X; expires=Thu, 10-Oct-2019 14:19:39 GMT; Max-Age=86400; path=/ PHPSESSID=lblpqkicn9incf0dfd8ej89250; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Link: <https://labs.nettitude.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 879 B
448 B 16ms
13ms Stylesheet
text/css 2a00:1450:4001:806::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid+Serif%7CDroid+Sans

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

8ada18d6362235d19c8823985b2e537060d347ec9a481813058855a690e6b2a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 09 Oct 2019 14:19:39 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Wed, 09 Oct 2019 14:19:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Wed, 09 Oct 2019 14:19:39 GMT

GET
H/1.1 200
OK crayon.min.css
labs.nettitude.com/wp-content/plugins/crayon-syntax-highlighter/css/min/ 20 KB
4 KB 246ms
82ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2016 21:32:18 GMT
Server: Apache
ETag: "4ecc-53aec21e2e6d2-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3959

GET
H/1.1 200
OK style.min.css
labs.nettitude.com/wp-includes/css/dist/block-library/ 29 KB
5 KB 246ms
83ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/css/dist/block-library/style.min.css?ver=8808f1d8c6d250653b54d2da3fc1ddaa
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 May 2019 22:12:00 GMT
Server: Apache
ETag: "726f-588679f6743d7-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4767

GET
H/1.1 200
OK grid.css
labs.nettitude.com/wp-content/themes/enfold/css/ 9 KB
2 KB 245ms
82ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/grid.css?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: d9e3f45179711015aa2dcac0689784ad76fd2055a3b13da58a88a1590057b719

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "2368-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2054

GET
H/1.1 200
OK base.css
labs.nettitude.com/wp-content/themes/enfold/css/ 13 KB
4 KB 245ms
83ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/base.css?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: f71f3cef7c1ddf2365f5c3b37ddd8028b657259eb8117b6b5d0cea670736046a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "34e5-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3996

GET
H/1.1 200
OK layout.css
labs.nettitude.com/wp-content/themes/enfold/css/ 99 KB
20 KB 249ms
87ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/layout.css?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 07cb4c563ebc17800cb56fa01852c8cd5e376b734be7efe6d79a25584c1c2e9b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "18d42-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 19936

GET
H/1.1 200
OK shortcodes.css
labs.nettitude.com/wp-content/themes/enfold/css/ 168 KB
30 KB 273ms
88ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/shortcodes.css?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 895b8579924e8e34887fe894f95f7b3277d98f269e62a02ba19ea8c32cac1418

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "2a134-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30497

GET
H/1.1 200
OK magnific-popup.css
labs.nettitude.com/wp-content/themes/enfold/js/aviapopup/ 7 KB
2 KB 327ms
82ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=1
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 89fa5089c37a32c5be8938c9ab9fb7aad4345b2c7cc4dcd1055e07cf8c9f0581

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "1dd8-539b5002478d5-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1914

GET
H/1.1 200
OK mediaelementplayer.css
labs.nettitude.com/wp-content/themes/enfold/js/mediaelement/skin-1/ 18 KB
4 KB 328ms
82ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/mediaelement/skin-1/mediaelementplayer.css?ver=1
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 611969fcccd89efd6c58a4e957ed5811d4f48efe3c1c1f04bcdafb8d04adfa91

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "4747-539b5002485db-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3274

GET
H/1.1 200
OK enfold.css
labs.nettitude.com/wp-content/uploads/dynamic_avia/ 147 KB
18 KB 331ms
86ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cb6fe4225ddb
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: f3894b22d098b6e645c3b22b83449e25132e8ff698bbc5fb3254ab4a5aaaff16

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Apr 2019 10:21:54 GMT
Server: Apache
ETag: "24b41-586b7412cdd9d-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18131

GET
H/1.1 200
OK custom.css
labs.nettitude.com/wp-content/themes/enfold/css/ 707 B
644 B 327ms
82ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/custom.css?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: cb04c84b625847684f6b428b2acc5772b549e12d18acf8ca9b6a356cdb661fbc

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "2c3-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 325

GET
H/1.1 200
OK jetpack.css
labs.nettitude.com/wp-content/plugins/jetpack/css/ 70 KB
13 KB 357ms
84ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/plugins/jetpack/css/jetpack.css?ver=7.8
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: b42989a0f2a1fb6d69e72c4f548ef2e73c4d3089d53649f5ed75e45c7b91cffb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 13:06:48 GMT
Server: Apache
ETag: "117db-59479f52d4220-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 12564

GET
H/1.1 200
OK jquery.js Show response
labs.nettitude.com/wp-includes/js/jquery/ 95 KB
33 KB 418ms
90ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 21 May 2019 21:53:48 GMT
Server: Apache
ETag: "17a69-5896ce23bcf6b-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 33776

GET
H/1.1 200
OK jquery-migrate.min.js Show response
labs.nettitude.com/wp-includes/js/jquery/ 10 KB
4 KB 413ms
85ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 21 Jun 2016 18:51:01 GMT
Server: Apache
ETag: "2748-535ce4d6988d1-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4014

GET
H/1.1 200
OK crayon.min.js Show response
labs.nettitude.com/wp-content/plugins/crayon-syntax-highlighter/js/min/ 22 KB
7 KB 413ms
85ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2016 21:32:18 GMT
Server: Apache
ETag: "5741-53aec21e2649c-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 6790

GET
H/1.1 200
OK avia-compat.js Show response
labs.nettitude.com/wp-content/themes/enfold/js/ 2 KB
1 KB 413ms
84ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/avia-compat.js?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: efdd464e865bd091ac6944b9d999124c8e19fa28a23f25f55651bbdea9a4bda9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "83a-539b5002478d5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 960

GET
H/1.1 200
OK mediaelement-and-player.min.js Show response
labs.nettitude.com/wp-includes/js/mediaelement/ 153 KB
38 KB 446ms
88ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 69aff18e54732eae1bb02c82d045c33f45675b017ba6dfdade80ab63a8e26bc5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Nov 2017 10:41:46 GMT
Server: Apache
ETag: "2638f-55e174447d121-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 38128

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
labs.nettitude.com/wp-includes/js/ 14 KB
5 KB 83ms
82ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/wp-emoji-release.min.js?ver=8808f1d8c6d250653b54d2da3fc1ddaa
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 May 2019 22:12:00 GMT
Server: Apache
ETag: "3610-588679f65e447-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4622

GET
H/1.1 200
OK print.css
labs.nettitude.com/wp-content/themes/enfold/css/ 5 KB
2 KB 82ms
81ms Stylesheet
text/css 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/css/print.css?ver=1
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: d5daa676d70996f49eb40dcf62fae0e28abeee0eb16539ef9a597855a28e09ec

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "12fa-539b50024b9f0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1643

GET
H/1.1 200
OK mediaelement-migrate.min.js Show response
labs.nettitude.com/wp-includes/js/mediaelement/ 1 KB
884 B 418ms
82ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=8808f1d8c6d250653b54d2da3fc1ddaa
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: d6a8bf1f2a5d494feca74153daf9a45952a3258b43a93d94f059fc6134650d84

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Nov 2017 10:41:46 GMT
Server: Apache
ETag: "4a9-55e174447d121-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 551

GET
H/1.1 200
OK NETT_LABS_LOGO-300x139.png
labs.nettitude.com/wp-content/uploads/2016/07/ 12 KB
12 KB 226ms
81ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2016/07/NETT_LABS_LOGO-300x139.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: d706014e1a8a48a0ac08c7c175377f61030fa4e10575319e8a29db0d68a33823

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Wed, 06 Jul 2016 09:06:22 GMT
Server: Apache
ETag: "2fff-536f3e2215953"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 12287

GET
H/1.1 200
OK challenge-coin-e1475018656654-36x36.jpg
labs.nettitude.com/wp-content/uploads/2016/09/ 1 KB
1 KB 225ms
81ms Image
image/jpeg 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2016/09/challenge-coin-e1475018656654-36x36.jpg
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 101a606604e8a1470a4d6e66c3e8593f04766763f66048880da64651a8511bc0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Tue, 27 Sep 2016 23:24:17 GMT
Server: Apache
ETag: "484-53d858b1d8a4f"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1156

GET
H/1.1 200
OK exploits-36x36.jpg
labs.nettitude.com/wp-content/uploads/2017/04/ 1 KB
1 KB 225ms
82ms Image
image/jpeg 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2017/04/exploits-36x36.jpg
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: c590b201ff5fbb2f0eac90917c603f4bed3ac6fc82cbd3d8096bc53c0fab0023

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Mon, 17 Apr 2017 15:15:54 GMT
Server: Apache
ETag: "44c-54d5e447e1c34"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1100

GET
H/1.1 200
OK 2016-12-18-14_22_42-Qnotes-Exports-1.jpg-475%C3%97477-3-36x36.png
labs.nettitude.com/wp-content/uploads/2016/06/ 3 KB
3 KB 143ms
82ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2016/06/2016-12-18-14_22_42-Qnotes-Exports-1.jpg-475%C3%97477-3-36x36.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 9c06faeb4bfff52deca18af4fd68fa51f4889b9906f616d2a00440ef0c5a2e6e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Sun, 18 Dec 2016 14:26:17 GMT
Server: Apache
ETag: "c11-543ef960bdcb1"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 3089

GET
H/1.1 200
OK word-image-12-36x36.png
labs.nettitude.com/wp-content/uploads/2019/08/ 1 KB
1 KB 225ms
82ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2019/08/word-image-12-36x36.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 892d6751dd34f7c40179c609d479bac76b4466bd3a5b8b632072ebc8e4008de5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Mon, 12 Aug 2019 20:43:34 GMT
Server: Apache
ETag: "4a9-58ff193dc0f9b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1193

GET
H/1.1 200
OK word-image-75-36x36.png
labs.nettitude.com/wp-content/uploads/2019/09/ 1 KB
1 KB 143ms
81ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2019/09/word-image-75-36x36.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: d1f2fd9e13350cacc647fab88ee8c967a6be292b9464199e75238df9e47cbca7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Thu, 19 Sep 2019 18:11:34 GMT
Server: Apache
ETag: "44b-592ebe23d496c"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1099

GET
H/1.1 200
OK scoreboard-e1568812026967-36x36.png
labs.nettitude.com/wp-content/uploads/2019/09/ 2 KB
2 KB 226ms
82ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2019/09/scoreboard-e1568812026967-36x36.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: ee1209a5518f491f2829f6c669d0ba9840dc491cdaa3d6817eb15e732d347704

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Wed, 18 Sep 2019 13:07:06 GMT
Server: Apache
ETag: "839-592d383964b2b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 2105

GET
H/1.1 200
OK c-users-coakley-desktop-download-3-png-36x36.png
labs.nettitude.com/wp-content/uploads/2019/07/ 2 KB
2 KB 143ms
82ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2019/07/c-users-coakley-desktop-download-3-png-36x36.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 4a640134b19da1aed2a4a4c2a498409d9a511ba48b7d85746fe4bb18a653b680

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Mon, 15 Jul 2019 16:42:18 GMT
Server: Apache
ETag: "69c-58dbaf184b08e"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1692

GET
H2 200 0eea63117b2e5ac6968537905e3440dc
secure.gravatar.com/avatar/ 1021 B
1 KB 40ms
13ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/0eea63117b2e5ac6968537905e3440dc?s=48&d=mm&r=g
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e3e6358df951436d7c4e597f61f7bb0dcbfa9b99385c14a7016bd5475cd7d07

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 4
date: Wed, 09 Oct 2019 14:19:40 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 6494257
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="0eea63117b2e5ac6968537905e3440dc.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/0eea63117b2e5ac6968537905e3440dc?s=48&d=mm&r=g>; rel="canonical"
content-length: 1021
expires: Wed, 09 Oct 2019 14:24:40 GMT

GET
H2 200 79082c22d49ed5d836e3eae8da00dada
secure.gravatar.com/avatar/ 4 KB
4 KB 39ms
12ms Image
image/png 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/79082c22d49ed5d836e3eae8da00dada?s=48&d=mm&r=g
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 984084f9f6b355c07d113d00c1e49e774f0ff50e42e07273146a6ca1d6eec146

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 1
date: Wed, 09 Oct 2019 14:19:40 GMT
last-modified: Mon, 21 Jan 2013 05:05:09 GMT
server: nginx
source-age: 674155
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="79082c22d49ed5d836e3eae8da00dada.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/79082c22d49ed5d836e3eae8da00dada?s=48&d=mm&r=g>; rel="canonical"
content-length: 4212
expires: Wed, 09 Oct 2019 14:24:40 GMT

GET
H2 200 c854fd175fb4c84cd5864562e589af41
secure.gravatar.com/avatar/ 1021 B
1 KB 39ms
12ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/c854fd175fb4c84cd5864562e589af41?s=48&d=mm&r=g
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 37a3bd7bc7328f0ead2c0f6f635dddf60615e676e6b4ddf964144012e529de45

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 1
date: Wed, 09 Oct 2019 14:19:40 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 6494257
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="c854fd175fb4c84cd5864562e589af41.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/c854fd175fb4c84cd5864562e589af41?s=48&d=mm&r=g>; rel="canonical"
content-length: 1021
expires: Wed, 09 Oct 2019 14:24:40 GMT

GET
H2 200 d19f5b4797ad61643984012c9fc89ce1
secure.gravatar.com/avatar/ 1021 B
1 KB 39ms
13ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/d19f5b4797ad61643984012c9fc89ce1?s=48&d=mm&r=g
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 37a3bd7bc7328f0ead2c0f6f635dddf60615e676e6b4ddf964144012e529de45

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 3
date: Wed, 09 Oct 2019 14:19:40 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 6494257
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="d19f5b4797ad61643984012c9fc89ce1.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/d19f5b4797ad61643984012c9fc89ce1?s=48&d=mm&r=g>; rel="canonical"
content-length: 1021
expires: Wed, 09 Oct 2019 14:24:40 GMT

GET
H/1.1 200
OK github-e1466539795501.png
labs.nettitude.com/wp-content/uploads/2016/06/ 1 KB
1 KB 274ms
81ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2016/06/github-e1466539795501.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 96fd459c33aa7f9e9da5521ee32bbee9d48fa0b9a714226449880b2e616301ca

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Tue, 21 Jun 2016 20:09:55 GMT
Server: Apache
ETag: "404-535cf67907f1d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1028

GET
H/1.1 200
OK comment_count.js Show response
labs.nettitude.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
773 B 82ms
82ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Mar 2019 10:35:24 GMT
Server: Apache
ETag: "379-583566e527e34-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 440

GET
H2 200 devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 18ms
5ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201941
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Wed, 09 Oct 2019 14:19:40 GMT
content-encoding: gzip
server: nginx
etag: W/"5c32dc59-52b6"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Sat, 03 Oct 2020 07:44:01 GMT

GET
H/1.1 200
OK avia.js Show response
labs.nettitude.com/wp-content/themes/enfold/js/ 109 KB
30 KB 87ms
87ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/avia.js?ver=3
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 82d2c0ce1e851e63f9e3d1bb250fa2660bfd997c0f96f66c7887a15544b7a28f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "1b5c3-539b5002492e0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 30391

GET
H/1.1 200
OK shortcodes.js Show response
labs.nettitude.com/wp-content/themes/enfold/js/ 140 KB
33 KB 89ms
89ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/shortcodes.js?ver=3
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 5e02d27104dc976f4b3848f5edfd97d35b6b904ca85c56fb873a9177c70f18dd

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "23019-539b5002492e0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 33744

GET
H/1.1 200
OK jquery.magnific-popup.min.js Show response
labs.nettitude.com/wp-content/themes/enfold/js/aviapopup/ 20 KB
8 KB 84ms
84ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=2
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 4ef35581d56516af9c0a792f09316bda2494a5f497edf5de30e6ab74052bc380

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "51d3-539b5002478d5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 7594

GET
H/1.1 200
OK wp-mediaelement.min.js Show response
labs.nettitude.com/wp-includes/js/mediaelement/ 914 B
814 B 85ms
82ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=8808f1d8c6d250653b54d2da3fc1ddaa
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 632af363989d420500a3fc1546178648f5aaa4f9aabb98666e62c3035fa423d1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Feb 2018 21:07:19 GMT
Server: Apache
ETag: "392-5647d7293fcd0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 481

GET
H/1.1 200
OK twitter-timeline.min.js Show response
labs.nettitude.com/wp-content/plugins/jetpack/_inc/build/ 331 B
594 B 85ms
83ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 13:06:48 GMT
Server: Apache
ETag: "14b-59479f52c64c6-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 261

GET
H/1.1 200
OK wp-embed.min.js Show response
labs.nettitude.com/wp-includes/js/ 1 KB
1 KB 156ms
82ms Script
application/javascript 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-includes/js/wp-embed.min.js?ver=8808f1d8c6d250653b54d2da3fc1ddaa
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Dec 2018 03:05:24 GMT
Server: Apache
ETag: "57b-57cde95f5dbc1-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 753

GET
H2 200 e-201941.js Show response
stats.wp.com/ 9 KB
3 KB 36ms
11ms Script
application/x-javascript 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-201941.js
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:40 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
expires: Mon, 05 Oct 2020 07:51:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6502
date: Wed, 09 Oct 2019 12:31:18 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 09 Oct 2019 14:31:18 GMT

GET
H2 200 embed
www.google.com/maps/ Frame 6B75 0
0 179ms
179ms Document
text/html 2a00:1450:4001:820::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d725.7801545511153!2d-1.5370488293586466!3d52.27564027471216!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x487734a314a980a1%3A0xa3a645e6538630bd!2sNettitude!5e0!3m2!1sen!2suk!4v1467731668145

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

mafe /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /maps/embed?pb=!1m18!1m12!1m3!1d725.7801545511153!2d-1.5370488293586466!3d52.27564027471216!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x487734a314a980a1%3A0xa3a645e6538630bd!2sNettitude!5e0!3m2!1sen!2suk!4v1467731668145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Response headers

status: 200
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2019 14:19:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
vary: Accept-Language
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: gzip
server: mafe
content-length: 1262
x-xss-protection: 0
server-timing: gfet4t7; dur=165
set-cookie: NID=188=elBKfO7nIxkRuIJ6YD5tXHYe_yaUQ-Cmh2eB0xK0L_uDDVWEEw6_qPyGR59ePq9HbPoj3CCWH-Hwmkl_Wgnm0xD7G6EKCheLu6_B_8Ec0uu22Q_pwpR2JtJHcnulx_K2U6L1N-4xEoxWQ84Q2rks8VsZRUziZT6B_kpcW0vcAdY; expires=Thu, 09-Apr-2020 14:19:40 GMT; path=/; domain=.google.com; HttpOnly
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK header_background.png
labs.nettitude.com/wp-content/uploads/2016/06/ 7 KB
7 KB 143ms
81ms Image
image/png 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.nettitude.com/wp-content/uploads/2016/06/header_background.png
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 67090904ad5e9979f69bcc2eddeb32cb298bec3fd6bf46b7ac36a69841dae58f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cb6fe4225ddb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Thu, 30 Jun 2016 13:32:33 GMT
Server: Apache
ETag: "1bd1-5367ee707540b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 7121

GET
H/1.1 200
OK entypo-fontello.woff
labs.nettitude.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/ 30 KB
30 KB 128ms
83ms Font
application/font-woff 45.33.69.168
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.nettitude.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=3
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.33.69.168 Newark, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: labs.nettitude.com
Software: Apache /
Resource Hash: 75e801b453bd677c68d4af036055b3036b8fc0390a76bf4661ab50e22b1137ee

Request headers

Sec-Fetch-Mode: cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Origin: https://labs.nettitude.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Last-Modified: Wed, 10 Aug 2016 10:20:37 GMT
Server: Apache
ETag: "7854-539b500214485"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 30804

GET
H2 200 SlGVmQWMvZQIdix7AFxXkHNSbRYXags.woff2
fonts.gstatic.com/s/droidsans/v10/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v10/SlGVmQWMvZQIdix7AFxXkHNSbRYXags.woff2

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c8cb742dbb60decab090cf738bfef2d8a780141573e9a2a3854bf3f78919faed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Droid+Serif%7CDroid+Sans
Origin: https://labs.nettitude.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 08 Oct 2019 17:46:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:29 GMT
server: sffe
age: 73997
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 11236
x-xss-protection: 0
expires: Wed, 07 Oct 2020 17:46:23 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 14ms
13ms Image
image/gif 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=303227718&t=pageview&_s=1&dl=https%3A%2F%2Flabs.nettitude.com%2Fblog%2Fhow-to-exfiltrate-aws-ec2-data%2F%257C&ul=en-us&de=UTF-8&dt=Page%20not%20found%20%E2%80%94%20Nettitude%20Labs&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=866886597&gjid=1618797955&cid=2119561754.1570630780&tid=UA-83632400-1&_gid=1331452097.1570630780&_r=1&z=1640697719

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Oct 2019 14:19:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK count.js Show response
nettitude-labs.disqus.com/ 1 KB
1 KB 6259ms
6238ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://nettitude-labs.disqus.com/count.js

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 78272
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 01 Oct 2019 21:53:32 GMT
Server: nginx
ETag: "5d93cadc-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E5) /
Resource Hash: 90476f48e0b8a9f9c5c11fd16f13fc6a8772fe281d12c8e63153a6f948cdd348

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 20:25:42 GMT
Server: ECS (fcn/40E5)
Etag: "1d8d0709ed691e2bc0472dbfc17c8abd+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28700

GET
H/1.1 200
OK widget_iframe.e3a0e1b01ae601b6c9cf798a93ab7e69.html
platform.twitter.com/widgets/ Frame E6FD 0
0 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.e3a0e1b01ae601b6c9cf798a93ab7e69.html?origin=https%3A%2F%2Flabs.nettitude.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41D8) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Oct 2019 14:19:40 GMT
Etag: "7d3f6ed140174a20e7c8be261a70a863+gzip"
Last-Modified: Wed, 02 Oct 2019 20:21:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41D8)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5816

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 12ms
11ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A7.8&blog=113094253&post=0&tz=0&srv=labs.nettitude.com&host=labs.nettitude.com&ref=&fcp=1217&rand=0.2033799868113677
Requested by: Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 09 Oct 2019 14:19:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK moment~timeline~tweet.ec04a6cb5ba879d0e0db41f211639fdf.js Show response
platform.twitter.com/js/ 24 KB
8 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.ec04a6cb5ba879d0e0db41f211639fdf.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A5) /
Resource Hash: 57811344d04a892ddcd3623c551ce97f268cdf0b300e2396cac5168dbc49d425

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 20:21:39 GMT
Server: ECS (fcn/41A5)
Etag: "193d41dde5636e7f143422dcf5051b6d+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7914

GET
H/1.1 200
OK timeline.0a7b4db67eacd23e35c5ce02e6ea3470.js Show response
platform.twitter.com/js/ 23 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.0a7b4db67eacd23e35c5ce02e6ea3470.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4193) /
Resource Hash: f452b1e5c1cae40dc81a9da7605dd6b98d0a06253d9b363e11c99ec4081ace4c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 20:21:39 GMT
Server: ECS (fcn/4193)
Etag: "37399cf03250c85f4a77916c06810b4c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7038

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 31 KB
5 KB 3174ms
3174ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_nettitude_labs_old&dnt=false&domain=labs.nettitude.com&lang=en&screen_name=nettitude_labs&suppress_response_codes=true&t=1745145&tweet_limit=4&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_f /

Resource Hash

5a941056f3913326f2c6a76b3bbb6abc44d5753c1230fec6c9013229d2782305

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
content-length: 4552
x-xss-protection: 0
x-response-time: 133
last-modified: Wed, 09 Oct 2019 14:19:43 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: 848df3d0612f54c3c728e0a3ae50f664
timing-allow-origin: *
x-transaction: 00b6886600d33473
expires: Wed, 09 Oct 2019 14:24:43 GMT

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
123 B 133ms
133ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1570630780724%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 126
pragma: no-cache
last-modified: Wed, 09 Oct 2019 14:19:40 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 295a78c5968300371797f7165e284c82
x-transaction: 0069477d0041c71a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 hQBTrV-O
pbs.twimg.com/card_img/1181929599736762368/ Frame 984A 13 KB
14 KB 47ms
46ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1181929599736762368/hQBTrV-O?format=png&name=144x144_2

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40FB) /

Resource Hash

7fa9238520010de3e0d350196759351df751378d4dca3bacd9d1082a619e4285

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:43 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 13809
x-response-time: 137
surrogate-key: card_img card_img/bucket/0 card_img/1181929599736762368
last-modified: Wed, 09 Oct 2019 13:47:10 GMT
server: ECS (fcn/40FB)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eeabd518dda4210963287366a51d7092
accept-ranges: bytes

GET
H2 200 1f60e.png
abs.twimg.com/emoji/v2/72x72/ Frame 984A 871 B
1 KB 8ms
7ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f60e.png

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41A3) /

Resource Hash

0e96db4df869e8e4a38a76b7be66ebb1d80af768e193fcbb7e29abde3980af2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:43 GMT
x-content-type-options: nosniff
x-ton-expected-size: 871
x-cache: HIT
status: 200
content-length: 871
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:28 GMT
server: ECS (fcn/41A3)
etag: "iK2i+0IlJZG5GRkomGtNNQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 3326ac2fb5011d8702a612569f4065f6
accept-ranges: bytes
expires: Thu, 08 Oct 2020 14:19:43 GMT

GET
H/1.1 200
OK timeline.9bf5093a19cec463852b31b784bf047a.light.ltr.css
platform.twitter.com/css/ Frame 984A 53 KB
12 KB 533ms
533ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.9bf5093a19cec463852b31b784bf047a.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A0) /
Resource Hash: e3ceb417f143f3da5e489b62778609a256365a98f483bed272d97e4891fdb36b

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 20:21:36 GMT
Server: ECS (fcn/41A0)
Etag: "07ca66dad14d0d26b03a02f7f31a1d7b+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12281

GET
H/1.1 200
OK timeline.9bf5093a19cec463852b31b784bf047a.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 533ms
533ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.9bf5093a19cec463852b31b784bf047a.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A0) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 09 Oct 2019 14:19:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 20:21:36 GMT
Server: ECS (fcn/41A0)
Etag: "07ca66dad14d0d26b03a02f7f31a1d7b+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12281

GET
H2 200 hQBTrV-O
pbs.twimg.com/card_img/1181929599736762368/ Frame 984A 13 KB
14 KB 23ms
21ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1181929599736762368/hQBTrV-O?format=png&name=144x144_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.ec04a6cb5ba879d0e0db41f211639fdf.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40FB) /

Resource Hash

7fa9238520010de3e0d350196759351df751378d4dca3bacd9d1082a619e4285

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-cache: MISS
status: 200
content-length: 13809
x-response-time: 137
surrogate-key: card_img card_img/bucket/0 card_img/1181929599736762368
last-modified: Wed, 09 Oct 2019 13:47:10 GMT
server: ECS (fcn/40FB)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eeabd518dda4210963287366a51d7092
accept-ranges: bytes

GET
H2 200 1f60e.png
abs.twimg.com/emoji/v2/72x72/ Frame 984A 871 B
981 B 8ms
7ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f60e.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.ec04a6cb5ba879d0e0db41f211639fdf.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41A3) /

Resource Hash

0e96db4df869e8e4a38a76b7be66ebb1d80af768e193fcbb7e29abde3980af2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-ton-expected-size: 871
x-cache: HIT
status: 200
content-length: 871
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:28 GMT
server: ECS (fcn/41A3)
etag: "iK2i+0IlJZG5GRkomGtNNQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 3326ac2fb5011d8702a612569f4065f6
accept-ranges: bytes
expires: Thu, 08 Oct 2020 14:19:44 GMT

GET
H2 200 MrBfM6RL_normal.jpg
pbs.twimg.com/profile_images/715895730075000832/ Frame 984A 2 KB
2 KB 9ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/715895730075000832/MrBfM6RL_normal.jpg

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41A5) /

Resource Hash

ef69eaf9881cc26e8b6627e4b7574076fbea6557645739ce6b533f46820becbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 2035
x-response-time: 138
surrogate-key: profile_images profile_images/bucket/4 profile_images/715895730075000832
last-modified: Fri, 01 Apr 2016 13:34:57 GMT
server: ECS (fcn/41A5)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 256fba75e8564bde6db8da3bc3634364
accept-ranges: bytes

GET
H2 200 bqhw2HOK_normal.jpg
pbs.twimg.com/profile_images/858083269916721152/ Frame 984A 2 KB
2 KB 13ms
12ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/858083269916721152/bqhw2HOK_normal.jpg

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

eedbf5a38b415b46ed9a27bdc37035a84ec5bdd56c9053a6e26b19258ef50e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 2035
x-response-time: 142
surrogate-key: profile_images profile_images/bucket/9 profile_images/858083269916721152
last-modified: Fri, 28 Apr 2017 22:17:28 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b01af09304d90269f33088ecd4114ac6
accept-ranges: bytes

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 984A 44 KB
7 KB 8ms
7ms Stylesheet
text/css 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/418C) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 88
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECS (fcn/418C)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 1eec6b09bc6b1ea69d23f6f606867d6d
accept-ranges: bytes
expires: Wed, 16 Oct 2019 14:19:44 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 11ms
10ms Image
text/css 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/418C) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 88
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECS (fcn/418C)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 1eec6b09bc6b1ea69d23f6f606867d6d
accept-ranges: bytes
expires: Wed, 16 Oct 2019 14:19:44 GMT

GET
DATA 200
OK truncated
/ Frame 984A 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 984A 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abd2a457215e60ab60b2a6b4f25a17583c5d80e13935f76e097236f729c5dcd6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 984A 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a87f4fd815fc95288f2da6efc536c950ef940bd9eb52176fd9e8e56107cc65e2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 984A 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 hQBTrV-O
pbs.twimg.com/card_img/1181929599736762368/ Frame 984A 13 KB
14 KB 7ms
7ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1181929599736762368/hQBTrV-O?format=png&name=144x144_2

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40FB) /

Resource Hash

7fa9238520010de3e0d350196759351df751378d4dca3bacd9d1082a619e4285

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 13809
x-response-time: 137
surrogate-key: card_img card_img/bucket/0 card_img/1181929599736762368
last-modified: Wed, 09 Oct 2019 13:47:10 GMT
server: ECS (fcn/40FB)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eeabd518dda4210963287366a51d7092
accept-ranges: bytes

GET
H2 200 hQBTrV-O
pbs.twimg.com/card_img/1181929599736762368/ Frame 984A 13 KB
14 KB 6ms
6ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1181929599736762368/hQBTrV-O?format=png&name=144x144_2

Requested by

Host: labs.nettitude.com
URL: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40FB) /

Resource Hash

7fa9238520010de3e0d350196759351df751378d4dca3bacd9d1082a619e4285

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://labs.nettitude.com/blog/how-to-exfiltrate-aws-ec2-data/%7C
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 09 Oct 2019 14:19:44 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 13809
x-response-time: 137
surrogate-key: card_img card_img/bucket/0 card_img/1181929599736762368
last-modified: Wed, 09 Oct 2019 13:47:10 GMT
server: ECS (fcn/40FB)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eeabd518dda4210963287366a51d7092
accept-ranges: bytes

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 2B04
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

6ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DB) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://labs.nettitude.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Oct 2019 14:19:44 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Wed, 02 Oct 2019 20:25:42 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40DB)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Wed, 09 Oct 2019 14:19:44 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Wed, 09 Oct 2019 14:19:44 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 295a78c5968300371797f7165e284c82
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 125
x-transaction: 00c5517100428375
x-tsa-request-body-time: 1
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 5490
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

8ms
7ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4187) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://labs.nettitude.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Oct 2019 14:19:45 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Wed, 02 Oct 2019 20:25:42 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4187)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Wed, 09 Oct 2019 14:19:44 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Wed, 09 Oct 2019 14:19:44 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 295a78c5968300371797f7165e284c82
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 122
x-transaction: 00f4e8ce0080856b
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-19 08:40:41	Name: NID Value: 188=jzz2jX1cYFnp1-J4IRujOy_MLCa3QO5-J6xW99jIawN8sDJRQDKp4F31OCKRu0SWJKrgwWhYbOPJj5G-BW22CTOUoRtzrsinV1Go4K7PxQAzZa9-6QzjY5UyOjdGY5Marct5La-5566hP_1suCV2by1krMShjpU3bxSvjgHw_DM

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://labs.nettitude.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
cdn.syndication.twimg.com
fonts.googleapis.com
fonts.gstatic.com
labs.nettitude.com
nettitude-labs.disqus.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
s0.wp.com
secure.gravatar.com
stats.wp.com
syndication.twitter.com
ton.twimg.com
www.google-analytics.com
www.google.com
104.244.42.8
151.101.12.134
192.0.76.3
192.0.77.32
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:806::200a
2a00:1450:4001:81d::2003
2a00:1450:4001:820::2004
2a00:1450:4001:825::200e
2a04:fa87:fffe::c000:4902
45.33.69.168
07cb4c563ebc17800cb56fa01852c8cd5e376b734be7efe6d79a25584c1c2e9b
0e96db4df869e8e4a38a76b7be66ebb1d80af768e193fcbb7e29abde3980af2a
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
101a606604e8a1470a4d6e66c3e8593f04766763f66048880da64651a8511bc0
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
37a3bd7bc7328f0ead2c0f6f635dddf60615e676e6b4ddf964144012e529de45
3e3e6358df951436d7c4e597f61f7bb0dcbfa9b99385c14a7016bd5475cd7d07
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4a640134b19da1aed2a4a4c2a498409d9a511ba48b7d85746fe4bb18a653b680
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
4ef35581d56516af9c0a792f09316bda2494a5f497edf5de30e6ab74052bc380
57811344d04a892ddcd3623c551ce97f268cdf0b300e2396cac5168dbc49d425
5a941056f3913326f2c6a76b3bbb6abc44d5753c1230fec6c9013229d2782305
5e02d27104dc976f4b3848f5edfd97d35b6b904ca85c56fb873a9177c70f18dd
611969fcccd89efd6c58a4e957ed5811d4f48efe3c1c1f04bcdafb8d04adfa91
632af363989d420500a3fc1546178648f5aaa4f9aabb98666e62c3035fa423d1
67090904ad5e9979f69bcc2eddeb32cb298bec3fd6bf46b7ac36a69841dae58f
69aff18e54732eae1bb02c82d045c33f45675b017ba6dfdade80ab63a8e26bc5
75e801b453bd677c68d4af036055b3036b8fc0390a76bf4661ab50e22b1137ee
7fa9238520010de3e0d350196759351df751378d4dca3bacd9d1082a619e4285
82d2c0ce1e851e63f9e3d1bb250fa2660bfd997c0f96f66c7887a15544b7a28f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
892d6751dd34f7c40179c609d479bac76b4466bd3a5b8b632072ebc8e4008de5
895b8579924e8e34887fe894f95f7b3277d98f269e62a02ba19ea8c32cac1418
89fa5089c37a32c5be8938c9ab9fb7aad4345b2c7cc4dcd1055e07cf8c9f0581
8ada18d6362235d19c8823985b2e537060d347ec9a481813058855a690e6b2a2
90476f48e0b8a9f9c5c11fd16f13fc6a8772fe281d12c8e63153a6f948cdd348
96fd459c33aa7f9e9da5521ee32bbee9d48fa0b9a714226449880b2e616301ca
984084f9f6b355c07d113d00c1e49e774f0ff50e42e07273146a6ca1d6eec146
9c06faeb4bfff52deca18af4fd68fa51f4889b9906f616d2a00440ef0c5a2e6e
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a87f4fd815fc95288f2da6efc536c950ef940bd9eb52176fd9e8e56107cc65e2
abd2a457215e60ab60b2a6b4f25a17583c5d80e13935f76e097236f729c5dcd6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b42989a0f2a1fb6d69e72c4f548ef2e73c4d3089d53649f5ed75e45c7b91cffb
c590b201ff5fbb2f0eac90917c603f4bed3ac6fc82cbd3d8096bc53c0fab0023
c8cb742dbb60decab090cf738bfef2d8a780141573e9a2a3854bf3f78919faed
cb04c84b625847684f6b428b2acc5772b549e12d18acf8ca9b6a356cdb661fbc
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
d1f2fd9e13350cacc647fab88ee8c967a6be292b9464199e75238df9e47cbca7
d5daa676d70996f49eb40dcf62fae0e28abeee0eb16539ef9a597855a28e09ec
d6a8bf1f2a5d494feca74153daf9a45952a3258b43a93d94f059fc6134650d84
d706014e1a8a48a0ac08c7c175377f61030fa4e10575319e8a29db0d68a33823
d9e3f45179711015aa2dcac0689784ad76fd2055a3b13da58a88a1590057b719
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ceb417f143f3da5e489b62778609a256365a98f483bed272d97e4891fdb36b
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7
e82f9edde7fce8c003d5174af35fc4f4eeeb9f9ad9ede3d2b6585ccfffaec848
ee1209a5518f491f2829f6c669d0ba9840dc491cdaa3d6817eb15e732d347704
eedbf5a38b415b46ed9a27bdc37035a84ec5bdd56c9053a6e26b19258ef50e64
ef69eaf9881cc26e8b6627e4b7574076fbea6557645739ce6b533f46820becbd
efdd464e865bd091ac6944b9d999124c8e19fa28a23f25f55651bbdea9a4bda9
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d
f3894b22d098b6e645c3b22b83449e25132e8ff698bbc5fb3254ab4a5aaaff16
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f452b1e5c1cae40dc81a9da7605dd6b98d0a06253d9b363e11c99ec4081ace4c
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
f71f3cef7c1ddf2365f5c3b37ddd8028b657259eb8117b6b5d0cea670736046a

labs.nettitude.com Open in urlscan Pro 45.33.69.168 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

58 %IPv6

10 Domains

16 Subdomains

13 IPs

3 Countries

657 kBTransfer

1782 kBSize

1 Cookies

4 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.nettitude.com Open in urlscan Pro
45.33.69.168 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

58 %
IPv6

10
Domains

16
Subdomains

13
IPs

3
Countries

657 kB
Transfer

1782 kB
Size

1
Cookies

71 HTTP transactions
4 data transactions