dfir.science Open in urlscan Pro
2606:4700:3033::ac43:a2ce Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
Submission: On April 28 via api (April 28th 2022, 9:22:58 am UTC) from FR — Scanned from FR

Summary HTTP 63 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 17 IPs in 3 countries across 13 domains to perform 63 HTTP transactions. The main IP is 2606:4700:3033::ac43:a2ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is dfir.science.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2021. Valid for: a year.

This is the only time dfir.science was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3033::ac43:a2ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	51.38.185.25 51.38.185.25	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.89.44.137 104.89.44.137	16625 (AKAMAI-AS) (AKAMAI-AS)
13	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
7	18.66.2.21 18.66.2.21	16509 (AMAZON-02) (AMAZON-02)
1	104.89.22.184 104.89.22.184	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
4	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2016	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
63	17

12 2606:4700:3033::ac43:a2ce (United States)

ASN13335 (CLOUDFLARENET, US)

dfir.science	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.38.185.25 (France)

ASN16276 (OVH, FR)
PTR: vps-06119eaf.vps.ovh.net

microanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.44.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-44-137.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube-nocookie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.66.2.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-21.txl50.r.cloudfront.net

downloads.mailchimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.22.184 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-22-184.deploy.static.akamaitechnologies.com

mc.us5.list-manage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	youtube-nocookie.com www.youtube-nocookie.com — Cisco Umbrella Rank: 2680	800 KB
12	dfir.science dfir.science	744 KB
7	mailchimp.com downloads.mailchimp.com — Cisco Umbrella Rank: 10962	83 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 616 syndication.twitter.com — Cisco Umbrella Rank: 890	149 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39 jnn-pa.googleapis.com — Cisco Umbrella Rank: 260	24 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	62 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 419	180 KB
3	microanalytics.io microanalytics.io — Cisco Umbrella Rank: 805416	1 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 106	40 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 216	4 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	14 KB
1	list-manage.com mc.us5.list-manage.com — Cisco Umbrella Rank: 91553	2 KB
1	chimpstatic.com chimpstatic.com — Cisco Umbrella Rank: 4466	2 KB
63	13

	Domain	Requested by
13	www.youtube-nocookie.com	dfir.science www.youtube-nocookie.com
12	dfir.science	dfir.science
7	downloads.mailchimp.com	chimpstatic.com downloads.mailchimp.com
4	jnn-pa.googleapis.com	www.youtube-nocookie.com
4	platform.twitter.com	dfir.science platform.twitter.com
4	cdn.jsdelivr.net	dfir.science cdn.jsdelivr.net
3	fonts.gstatic.com	fonts.googleapis.com www.youtube-nocookie.com
3	microanalytics.io	dfir.science microanalytics.io
2	www.gstatic.com	www.youtube-nocookie.com www.gstatic.com
2	syndication.twitter.com	platform.twitter.com
2	fonts.googleapis.com	dfir.science
1	i.ytimg.com	dfir.science
1	yt3.ggpht.com	dfir.science
1	www.google.com	www.youtube-nocookie.com
1	mc.us5.list-manage.com	downloads.mailchimp.com
1	chimpstatic.com	dfir.science
63	16

This site contains links to these domains. Also see Links.

Domain
www.patreon.com
youtube.com
swag.dfir.science
eepurl.com
www.youtube.com
twitter.com
github.com
linkedin.com
reddit.com
us5.list-manage.com
ssdeep.sourceforge.net
www.sciencedirect.com
roussev.net
www.nist.gov
www.facebook.com
www.linkedin.com
infosec.exchange
instagram.com
jekyllrb.com
mademistakes.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
microanalytics.io R3	`2022-04-16` - `2022-07-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
wildcardsan.us15.list-manage.com DigiCert SHA2 Secure Server CA	`2021-11-19` - `2022-11-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
downloads.mailchimp.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
wildcardsan.list-manage.com DigiCert SHA2 Secure Server CA	`2021-09-27` - `2022-09-27`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
Frame ID: 6AA9DD7DDA8CC21FA80E44FB223E6F30
Requests: 30 HTTP requests in this frame

Frame: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
Frame ID: 9187CB9EA615FAE3120D448E077D7341
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fdfir.science
Frame ID: 211F944BDC6E8C067D239B9B6B0076B9
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
Frame ID: A78427672AFD488A56FFD611254777AD
Requests: 18 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/common.css
Frame ID: 42500DCC841D317A8D72C8987ACF65DF
Requests: 2 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/common.css
Frame ID: 2F5DA624243FCBD997CFC1AD26BF67EC
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html
Frame ID: 8211FF137F8A753B965F4988A544C091
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[How To] Fuzzy Hashing with SSDEEP (similarity matching) - DFIRScience

Detected technologies

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

chimpstatic\.com/mcjs-connected

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

63
Requests

97 %
HTTPS

69 %
IPv6

13
Domains

16
Subdomains

17
IPs

3
Countries

2105 kB
Transfer

6134 kB
Size

3
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.patreon.com/bePatron?u=16239620

Search URL Search Domain Scan URL

URL: https://youtube.com/dfirscience
Title: Tutorials

Search URL Search Domain Scan URL

URL: https://swag.dfir.science/
Title: Shop

Search URL Search Domain Scan URL

URL: http://eepurl.com/hG9inj
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/DFIRScience?sub_confirmation=1
Title: Youtube

Search URL Search Domain Scan URL

URL: https://twitter.com/DFIRScience
Title: Twitter

Search URL Search Domain Scan URL

URL: https://github.com/DFIRScience
Title: GitHub

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/dfirscience
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://reddit.com/u/dfirscience
Title: Reddit

Search URL Search Domain Scan URL

URL: https://us5.list-manage.com/contact-form?u=3664f5bc2c4350bc7454f233d&form_id=42749486e45c8394701634ff776be7b8
Title: Email

Search URL Search Domain Scan URL

URL: https://www.patreon.com/dfirscience
Title: Support

Search URL Search Domain Scan URL

URL: http://ssdeep.sourceforge.net/
Title: SSDEEP

Search URL Search Domain Scan URL

URL: https://www.sciencedirect.com/search?qs=ssdeep&authors=&pub=Digital%20Investigation&volume=&issue=&page=&origin=journal&zone=qSearch&publicationTitles=273059&withinJournalBook=true
Title: quite a bit of work

Search URL Search Domain Scan URL

URL: http://roussev.net/sdhash/sdhash.html
Title: sdhash

Search URL Search Domain Scan URL

URL: https://www.nist.gov/itl/ssd/cs/non-rds-hash-sets
Title: hash sets

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?via=DFIRScience&text=%5BHow+To%5D+Fuzzy+Hashing+with+SSDEEP+%28similarity+matching%29%20https%3A%2F%2Fdfir.science%2F2017%2F07%2FHow-To-Fuzzy-Hashing-with-SSDEEP-%28similarity-matching%29.html
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fdfir.science%2F2017%2F07%2FHow-To-Fuzzy-Hashing-with-SSDEEP-%28similarity-matching%29.html
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fdfir.science%2F2017%2F07%2FHow-To-Fuzzy-Hashing-with-SSDEEP-%28similarity-matching%29.html
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@DFIRScience
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DFIRScience
Title: Facebook

Search URL Search Domain Scan URL

URL: https://instagram.com/DFIRScience
Title: Instagram

Search URL Search Domain Scan URL

URL: https://jekyllrb.com/
Title: Jekyll

Search URL Search Domain Scan URL

URL: https://mademistakes.com/work/minimal-mistakes-jekyll-theme/
Title: Minimal Mistakes

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html Show response
dfir.science/2017/07/ 32 KB
10 KB 367ms
322ms Document
text/html 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

401f473f1116a90d20522b81ae069872d696da1c4d18e3c681fbc7a29fa8601f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 702ebc67281499bc-CDG
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=utf-8
date: Thu, 28 Apr 2022 09:22:52 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 28 Apr 2022 09:32:52 GMT
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'
last-modified: Fri, 08 Apr 2022 22:48:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=we9yGaQ5%2FkoEBorTpAMGObLKjR4Ns%2Fw%2F1HiFYK8D70xxuKoKZiojR%2BhQpznMameC21NZBtUaC7oo0k0ZkJCk1fEPY0dL7PLUfiXN6QdgmFkv98E2ovNX3LEvU%2FVNDlqi6PSjJyyweOo4GvY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-github-request-id: C6C2:8BDA:1B336C:383710:626A5CEC
x-proxy-cache: MISS
x-xss-protection: 1; mode=block

GET
H2 200 main.css
dfir.science/assets/css/ 61 KB
14 KB 36ms
35ms Stylesheet
text/css 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/css/main.css

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ba0da4e1ec30889efee1d8e045057eba2e01e1da2afc6d54f3c98a97e661bef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470
cf-polished: origSize=63435
cf-ray: 702ebc695c0299bc-CDG
cf-bgj: minify
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 22:48:53 GMT
server: cloudflare
x-github-request-id: 25F6:0F66:6F7F4B:A99D9F:6250D543
etag: W/"6250bbd5-f7cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30l%2BGfej9xGT3bL1e0mNDVPxxBBIOrosWPDCnt68roHJrphjR5DBqS6gRWMWlDe4n3XtfdZTxJF0pl2ypRreLbE1qamtEFdrsTiqQVkteYgI9Z7vDtkkscSJJPHvZ8S%2Bzw3MXP4oK3qrYas%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
x-origin-cache: HIT
x-proxy-cache: MISS
expires: Thu, 28 Apr 2022 09:25:03 GMT

GET
H2 200 all.min.css
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/ 58 KB
13 KB 67ms
28ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 42695
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19149-FRA, cache-cdg20767-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3sff%2F7xUOhZrYucfKHRxgVsww2MK5nv01qgwK9jWEyl5BKT9QaSOg1R1j7CG2lfvqwdXLshUTHOuWkb6BdOcuH8Gb8RQodtWJZofquMpbdtjGLenltsbSJmDMG1p41ToOX9wbDXM5ijN66oTS6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 702ebc698c9299c2-CDG

GET
H/1.1 200
OK script.js Show response
microanalytics.io/js/ 745 B
867 B 52ms
15ms Script
application/javascript 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/js/script.js
Requested by: Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash: f298d83c06cb5f12f952e5b24833f12a32bd11f97186ff9a602f1b2bb15eec51

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 28 Apr 2022 09:22:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 16:23:50 GMT
Server: nginx
ETag: W/"5ff34116-2e9"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=604800
wikivps_com: HIT from backend
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 05 May 2022 09:22:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 92ms
33ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b2d0b9cf370d38b039c8f81fc9a18dde96b77dcbf14371815dec3df058bbc4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 07:41:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 28 Apr 2022 09:22:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Apr 2022 09:22:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
640 B 92ms
34ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7f9f6d6ef23f88e5dc647c21883eb1e19f3b800a8cd4938deffdabccaad217e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 07:52:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 28 Apr 2022 09:22:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Apr 2022 09:22:53 GMT

GET
H3 200 dfir_circuits_corner.png
dfir.science/assets/images/logos/ 100 KB
101 KB 81ms
79ms Image
image/png 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_circuits_corner.png

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8988d67ee7f22fa5e226abb2f8c6da90c5ca00ed17c0e3d2a29fc66e0ccc55d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 102281
expires: Thu, 28 Apr 2022 09:25:03 GMT
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: 69DC:4FF2:1C89A7:35DAA1:625FC0B8
etag: "6250bbb9-18f89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldmeR4YLpWSIN8vN8mBWUE593Ac8ZPe2jXp2KeqlqdR%2BLbAqN5nMEz43Kn8zJO%2FEByoMyi2EjOQLrNP9E9tf8luy8V8Q0doldSvwdNvPeMLNHWyXi6UnM4os4VW1aCwBjJPiZfOx6SRX2u0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 702ebc6998c04043-CDG
x-proxy-cache: MISS

GET
H3 200 dfir_logo_horz_light.png
dfir.science/assets/images/logos/ 67 KB
68 KB 38ms
37ms Image
image/png 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_logo_horz_light.png

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b6eabf151d0d507b6b326036c3df1b64b3aa6eb925e351f95038a310fd09a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 63
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 68732
expires: Thu, 28 Apr 2022 09:31:50 GMT
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: E8C0:71F0:6112AA:CB2AC7:6250C64F
etag: "6250bbb9-10c7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqzUyPH3WOovjHlOU9sinor%2FV3BLJpWJ8Cn1awoalejzrjkzAxKseHZ0cKBBkUtijfFcNff2kRaH0ZhYdvNvIxh1bETHCxZfsKTJRzdgyJVPaY8Lom3GVWXayEnvxSdDHvdZFfW8kOvlKz4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 702ebc6998c54043-CDG
x-proxy-cache: MISS

GET
H3 200 becomepatron.png
dfir.science/assets/images/ 10 KB
11 KB 118ms
117ms Image
image/png 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/becomepatron.png

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91a3e46bd2f13459f49e0725554fa7908e36ac219655c4926b8501e9779c05a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10193
expires: Thu, 28 Apr 2022 09:25:03 GMT
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: F5B6:2EA4:15A6D6:1F3EE6:626080FF
etag: "6250bbb9-27d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHqeh2q9y9rl3YnLoJH0nrJYgZ0RgNOLgrMtQOPGtNvbs1kVBoNUW492Ykda8q6wQw%2F0zHGMJSvZFlHvwPOp3ZkKy4MCVjrN2i5jPMfG4zgroUTe8PhlPfjcGmgUngVzQ8jP1IfhrfZGiOI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 702ebc6998c64043-CDG
x-proxy-cache: MISS

GET
H3 200 email-decode.min.js Show response
dfir.science/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 25ms
24ms Script
application/javascript 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Fri, 22 Apr 2022 17:45:27 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"6262e9b7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PiNMcC61HufBnHy5Jdu6TRrPBhIE8xrL6LPkT8sLUuyHCCxV9PUANmYdRtZJ%2B1EyJsF3fLn518US7rR8ZzahWHqKQC6gPPJHbWoNhB4mHwOQNc22L8S1YPiDcD6LGYeIYPzj4vOqDNWupak%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 702ebc6998af4043-CDG
expires: Sat, 30 Apr 2022 09:22:53 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 76ms
18ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F86) /
Resource Hash: 2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 28 Apr 2022 09:22:53 GMT
Content-Encoding: gzip
Age: 332
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length: 29461
x-tw-cdn: VZ
Last-Modified: Wed, 13 Apr 2022 12:38:34 GMT
Server: ECS (pab/6F86)
Etag: "f1369725ba22125b0df0251e74090aa0+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3 200 dfir_squaregrid_slate.png
dfir.science/assets/images/logos/ 320 KB
321 KB 123ms
122ms Image
image/png 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_squaregrid_slate.png

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

934db3add01aa8157a04f0447270d1903e92a02c41bf592c054c7c384b1f505c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 327656
expires: Thu, 28 Apr 2022 09:25:03 GMT
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: CC12:54DF:3875B6:537AA0:625FC0B8
etag: "6250bbb9-4ffe8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KBc48RGL1XL%2FiV6at%2FgzHmRgTH0pa8XyLa3LKX4CdiZB6cI1LWTciK%2FPv8Z3fmo6047O9lGUKv1S%2F6SP%2FAVW0ydJ5pH%2F5tznv5tzWm9bPOapZ%2FSDD7OCfwRFNczyAMKRVS8BNqZChGCbto%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 702ebc6998c84043-CDG
x-proxy-cache: MISS

GET
H3 200 dfir_circuits_corner_navy.png
dfir.science/assets/images/logos/ 101 KB
101 KB 153ms
152ms Image
image/png 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_circuits_corner_navy.png

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dea590e7a344ea7b1d9affe6f8b6fcee69778f1aa5e6b4a4a4339b068bd8e6e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 63
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 103143
expires: Thu, 28 Apr 2022 09:31:50 GMT
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: D18E:3A8F:20397:3BA16:62583E99
etag: "6250bbb9-192e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8xLet8JC1OCengDbuzsQGdLjgg2WxizWZyiSdZo5wTebVHrySjiOls8A%2BX4ENGCxOX3ggJ9ecpVBSnxB5BA%2F%2B26yjegyIQXqMbP08%2FHpdqy7I40ccOICEvdcQ48DofI46epObGx12PzgDs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 702ebc6998c94043-CDG
x-proxy-cache: MISS

GET
H3 200 main.min.js Show response
dfir.science/assets/js/ 120 KB
44 KB 98ms
96ms Script
application/javascript 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/main.min.js

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7d188f6c8f8c4df10ebfb10a1921ccb1d384817a0178373ce2ae9abd7e7bd66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: A77A:0D24:ADB62:147D57:625FC0B8
etag: W/"6250bbb9-1de10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41BSE5CsEswlP8g%2FLv4TG%2F5y5bD7JS8qcyr6C1BHkvvlXAhB4wtf6wY5TD7t8aww8T%2BPqvHrMRE4FlqlQowyhZ9xrx2N2vbuZjSqBAGi6AGZ9FuSLq4mG7fIDVA9pZ%2BK2ytaYOSkg5Fj%2BJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 702ebc6998b94043-CDG
x-proxy-cache: MISS
expires: Thu, 28 Apr 2022 09:25:03 GMT

GET
H3 200 lunr.min.js Show response
dfir.science/assets/js/lunr/ 29 KB
9 KB 79ms
77ms Script
application/javascript 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr.min.js

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c50d9002b85780a842afffb567bb54ede402dae7c6dc5997a018614d8044fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 63
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 22:48:25 GMT
server: cloudflare
x-github-request-id: 830A:5FDE:81FF22:FD6EC6:625CF67E
etag: W/"6250bbb9-7346"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHQfvbt1aJ7oXKqW1KS5QDhlRs%2BF3caSYrG4K4kELaBK%2FpcnhZUSxq%2F2fEDEZLAYDet2G5zxt6tqHVpCckvNZcjUVZdjFCSdPfO7ATPGNyBq9JunVIS%2B06GrzQ6ZPjRCHyvoEV%2FmF09B6ck%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 702ebc6998bb4043-CDG
x-proxy-cache: MISS
expires: Thu, 28 Apr 2022 09:31:50 GMT

GET
H3 200 lunr-store.js Show response
dfir.science/assets/js/lunr/ 209 KB
62 KB 43ms
41ms Script
application/javascript 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr-store.js

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29d6cb451f1d902fc49fa5cc0783584452a8ce6af7d561d9637878b61b1650f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 63
cf-polished: origSize=235551
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 22:48:53 GMT
server: cloudflare
x-github-request-id: 643E:8246:970111:FF14AD:625CF67E
etag: W/"6250bbd5-3981f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bd8SnStAw8BiBFIEDmsmxBinyRyMwIXVDuvneAArV9765sVAZMYJ7fjCwEJY76AS%2F%2B1uHwGtQrQaOequ6qD43HHT0%2FMDvaL%2F%2BYFxO%2FuIeyku3%2F8%2FuoLhDt88GeiEaeq9jTH%2FCyXvc8O5jrg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 702ebc6998bc4043-CDG
x-proxy-cache: MISS
expires: Thu, 28 Apr 2022 09:31:50 GMT

GET
H3 200 lunr-en.js Show response
dfir.science/assets/js/lunr/ 2 KB
1 KB 99ms
97ms Script
application/javascript 2606:4700:3033::ac43:a2ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr-en.js

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:a2ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f178011f6846fa89e8fd056339e483c9176846053b98d2d328deb1764d67ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 63
cf-polished: origSize=2493
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 22:48:53 GMT
server: cloudflare
x-github-request-id: 6AEA:10DA:6E896B:A7F8B0:6250C64F
etag: W/"6250bbd5-9bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQuoP7eS0taBhXjylbcnKoUQu69d2pTGwkfZRW0d%2BcUncn9Kq7JXjHaFHEqSD5izGh2APnK4vPVOHMNbZYGDf1FmDexhMGgD5QnRRqenWe8BrpOTxbg1AKcXQtwANXpE9HqISmRZMM19z1I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 702ebc6998bf4043-CDG
x-proxy-cache: MISS
expires: Thu, 28 Apr 2022 09:31:50 GMT

GET
H/1.1 200
OK bc1e83d88c15540b3c7f781ee.js Show response
chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/ 4 KB
2 KB 113ms
32ms Script
application/javascript 104.89.44.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/bc1e83d88c15540b3c7f781ee.js
Requested by: Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-137.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 16e04a9a46ac0ea5e191b0883837e6dd660c7823b5400db021889d4a4e450a8c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 101, 107, 109, 121, 123, 119, 107, 392, 106
Date: Thu, 28 Apr 2022 09:22:53 GMT
Content-Encoding: gzip
x-amz-request-id: ZSN8138APN6T2Z0S
X-EdgeConnect-MidMile-RTT: 0, 0, 0, 0, 0, 8, 0, 0, 0
Connection: keep-alive
Content-Length: 1222
x-amz-id-2: 7yeBpvBMTbNUrQv8Lu8rg5FxTilAHlW4M/S5ywMlZyBO1lDpGMTFmOxa2oB4O0r+sVumAnkpWqc=
Last-Modified: Tue, 19 Oct 2021 16:00:54 GMT
Server: AmazonS3
ETag: "a8e7eb74a2d4000de591d9250af7701b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1733
Accept-Ranges: bytes
Expires: Thu, 28 Apr 2022 09:51:46 GMT

GET
H2 200 xY4YggSTnD8 Show response
www.youtube-nocookie.com/embed/ Frame 9187 60 KB
26 KB 133ms
70ms Document
text/html 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

414aec1b413fd1fad35c29ea9c65fd156829b40ea0279b182fdfaaaa196fedcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="YOUTUBE_NOCOOKIE_DOMAIN"
date: Thu, 28 Apr 2022 09:22:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"YOUTUBE_NOCOOKIE_DOMAIN","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/YOUTUBE_NOCOOKIE_DOMAIN"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2
fonts.gstatic.com/s/inter/v11/ 16 KB
16 KB 90ms
31ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v11/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d56fec2159406ce1d4e284774fd1ee371018f131e28aa303ad1675edc76f20dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dfir.science
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 17:11:15 GMT
x-content-type-options: nosniff
age: 144698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16608
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:38:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 17:11:15 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
fonts.gstatic.com/s/robotomono/v21/ 12 KB
13 KB 84ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v21/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1fd013ac18aebac28e366bf82aace3b2fb6900fecc4793303ed93aeadd31910

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dfir.science
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 23:07:29 GMT
x-content-type-options: nosniff
age: 123324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12312
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:02:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 23:07:29 GMT

GET
H3 200 fa-solid-900.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 76 KB
77 KB 54ms
31ms Font
font/woff2 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-solid-900.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 11050
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
x-served-by: cache-fra19139-FRA, cache-cdg20770-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"131bc-DMssgUp+TKEsR3iCFjOAnLA2Hqo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHdSY6pIwAaRGzcma4VSWjr6wB0QC%2FABs0nomoKRNj6UQoTaHPXWKSMWtZ5BdV74yrKsCo3FTcDAzfptbCE6w7Qjye%2Bc16xmJ%2FaXo%2BVoPTP3DHHPJVQpX96z0r2BTB2sEcqkY2q1cVvLdL6neuM%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
cf-ray: 702ebc6a1fc33b79-CDG

GET
H3 200 fa-brands-400.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 75 KB
76 KB 91ms
68ms Font
font/woff2 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-brands-400.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40933
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
x-served-by: cache-fra19132-FRA, cache-cdg20724-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"12bc0-BhPH67pV7kfvMCwPd2YyRpL4mac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7r0NKpU0FAhG0%2Fgbqp8BmRsn488pm2o753dqRRmD1gdeVdd4sk9%2FjZrSO202DOKvS5V%2F%2FcMMFnMpUGDhx%2F6eYzpAX6576XEeCodZhWq46oaqtYF5n16XcaNHNmB%2FDpa9KVH22c9c3R0mJOyWU0M%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
cf-ray: 702ebc6a1fc23b79-CDG

GET
H3 200 fa-regular-400.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 13 KB
14 KB 127ms
104ms Font
font/woff2 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-regular-400.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size: 13224
age: 41615
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13224
x-served-by: cache-fra19135-FRA, cache-cdg20725-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"33a8-E1F1Ka/6OeJYXFkayubcM2tqqRc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PmVuNxjvbrNLBdvo2eNq4sUFSdHDucFnbbEfjDKgvNFYE0CJzl3o4VO54Rc8BS%2B1iySJ7IMxICuOBXTG0SWQwxk2N2J5%2FE2ecoRc3McLB13V0w7B%2BCAbq4zm2NFVKYhAxGq9vF5%2FtzadcItc88%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
cf-ray: 702ebc6a1fc63b79-CDG

POST
H/1.1 200
OK event Show response
microanalytics.io/api/ 3 B
425 B 77ms
77ms XHR
text/html 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/api/event
Requested by: Host: microanalytics.io
URL: https://microanalytics.io/js/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash: 27badc983df1780b60c2b3fa9d3a19a00e46aac798451f0febdca52920faaddf

Request headers

Referer: https://dfir.science/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json, text/javascript; charset=UTF-8

Response headers

pragma: no-cache
Date: Thu, 28 Apr 2022 09:22:53 GMT
Server: nginx
X-RateLimit-Remaining: 58
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://dfir.science
Cache-Control: private, must-revalidate
wikivps_com: HIT from backend
X-RateLimit-Limit: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=60
Content-Length: 3
expires: -1

OPTIONS
H/1.1 204
No Content event
microanalytics.io/api/ Frame 0
0 68ms
34ms Preflight
text/html 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/api/event
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://dfir.science
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://dfir.science
Access-Control-Max-Age: 0
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Apr 2022 09:22:53 GMT
Keep-Alive: timeout=60
Server: nginx
wikivps_com: HIT from backend

GET
H/1.1 200
OK embed.js Show response
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/ 128 KB
44 KB 118ms
42ms Script
application/javascript 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Requested by: Host: chimpstatic.com
URL: https://chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/bc1e83d88c15540b3c7f781ee.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b960a89dca43490bf0005a6ed7ef8287405c4bd8b050fc4a4934580d8a5920c6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 28 Apr 2022 02:15:44 GMT
Content-Encoding: br
Last-Modified: Thu, 31 Mar 2022 19:11:17 GMT
Server: AmazonS3
Age: 25630
ETag: W/"7ab9fd3318ef228deb0ec630a29c7cbe"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 1444224b4b97d67af7507c4e96f65844.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: tZF6XByshTdwyKxHG6dkI9-7KDIX4L7KmJPt_1XkQuzUuPf-v6i1jw==

GET
H3 200 www-player.css
www.youtube-nocookie.com/s/player/fe8185e7/ Frame 9187 335 KB
46 KB 80ms
25ms Stylesheet
text/css 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/www-player.css

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e8f39dff13e376c1b3d19f18380bf242b3ad822947f96c37184c4c984532602

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47147
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:03:34 GMT

GET
H3 200 www-embed-player.js
www.youtube-nocookie.com/s/player/fe8185e7/www-embed-player.vflset/ Frame 9187 277 KB
0 106ms
52ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87265
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:03:34 GMT

GET
H3 200 base.js
www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/ Frame 9187 576 KB
0 116ms
63ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61501
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 537059
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:17:52 GMT

GET fetch-polyfill.js
www.youtube-nocookie.com/s/player/fe8185e7/fetch-polyfill.vflset/ Frame 9187 0
0

GET KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9187 0
0

GET
H/1.1 200
OK widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html Show response
platform.twitter.com/widgets/ Frame 211F 319 KB
104 KB 19ms
19ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fdfir.science
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F9E) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 644266
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105433
Content-Type: text/html; charset=utf-8
Date: Thu, 28 Apr 2022 09:22:53 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Wed, 13 Apr 2022 12:15:11 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (pab/6F9E)
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=2
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 xY4YggSTnD8 Show response
www.youtube-nocookie.com/embed/ Frame A784 60 KB
25 KB 73ms
72ms Document
text/html 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Requested by

Host: dfir.science
URL: https://dfir.science/assets/js/main.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

24188dff2594a5a42df87e8ac9eae119f8e74a11a08c905d1cb4ca5bafce18cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="YOUTUBE_NOCOOKIE_DOMAIN"
date: Thu, 28 Apr 2022 09:22:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"YOUTUBE_NOCOOKIE_DOMAIN","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/YOUTUBE_NOCOOKIE_DOMAIN"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 form-settings Show response
mc.us5.list-manage.com/subscribe/ 2 KB
2 KB 105ms
29ms Script
application/json 104.89.22.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mc.us5.list-manage.com/subscribe/form-settings?u=3664f5bc2c4350bc7454f233d&id=522fd8fdae&u=3664f5bc2c4350bc7454f233d&id=522fd8fdae&c=dojo_request_script_callbacks.dojo_request_script0
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.22.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-22-184.deploy.static.akamaitechnologies.com
Software: openresty /
Resource Hash: 2117fc8f9d6e7a7c1d4d70bc2f8ad458b4977370a6102cab4a143729aafdd978

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 139
date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: gzip
referrer-policy: same-origin
server: openresty
x-edgeconnect-midmile-rtt: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=270
x-ua-compatible: IE=edge,chrome=1
content-length: 790
expires: Thu, 28 Apr 2022 09:27:23 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 211F 169 B
424 B 175ms
128ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=55fcfde62ac6a9803dc53ffb2eafe4bd57373e08

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fdfir.science

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

d7f2a53ec64c3613054b8aca405af6eeb1e8dc1bf371d4676f5dbe917e3986d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time: 106
date: Thu, 28 Apr 2022 09:22:52 GMT
content-encoding: gzip
last-modified: Thu, 28 Apr 2022 09:22:53 GMT
server: tsa_f
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 06813fd1e317be36191c6af26ac9e7fa8ba0d63bebebbbba796a1b08e42363e0
content-length: 143

GET
H3 200 www-player.css
www.youtube-nocookie.com/s/player/fe8185e7/ Frame A784 335 KB
46 KB 25ms
24ms Stylesheet
text/css 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/www-player.css

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e8f39dff13e376c1b3d19f18380bf242b3ad822947f96c37184c4c984532602

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47147
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:03:34 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube-nocookie.com/s/player/fe8185e7/www-embed-player.vflset/ Frame A784 277 KB
85 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b699a13690310f441abbd5d4f452a2b055722beb65574124c4b7dc6accf1974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87265
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:03:34 GMT

GET
H3 200 base.js Show response
www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/ Frame A784 2 MB
525 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edf2cedf3d598208ea77dc7991dce236e6fe87f287afde3e5b843d86ebe1b1b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61501
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 537059
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:17:52 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube-nocookie.com/s/player/fe8185e7/fetch-polyfill.vflset/ Frame A784 9 KB
3 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:03:34 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A784 15 KB
15 KB 25ms
25ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/xY4YggSTnD8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/
Origin: https://www.youtube-nocookie.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 144972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 26 Apr 2023 17:06:41 GMT

GET
H/1.1 200
OK popup.js Show response
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/ 101 KB
29 KB 41ms
41ms Script
application/javascript 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4e464107ba4301877e7131c0108649f811828efa1327da626809628228931058

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 20:01:56 GMT
Content-Encoding: br
Last-Modified: Tue, 04 Jan 2022 17:01:32 GMT
Server: AmazonS3
Age: 48058
ETag: W/"2f66b75795f5c98d51858a088397023a"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 1444224b4b97d67af7507c4e96f65844.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: g-OEndBn40zPZnU0msz9FNNdf2WkpZFGt5cSQRnAyntkP0wic5nTHg==

GET
H/1.1 200
OK common.css
downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/ Frame 4250 9 KB
3 KB 37ms
37ms Stylesheet
text/css 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/common.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 21:25:31 GMT
Content-Encoding: br
Last-Modified: Tue, 04 Jan 2022 17:01:32 GMT
Server: AmazonS3
Age: 43043
ETag: W/"82e72d627b04e1654282023cca1d1e69"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 1444224b4b97d67af7507c4e96f65844.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: PuGhP_A1E8n2kZGWlOWrTWbl9cTPW8aVE1DvFJ6p9kKAuEE1mRg5IA==

GET
H/1.1 200
OK banner.css
downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/ Frame 4250 1005 B
867 B 74ms
37ms Stylesheet
text/css 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/banner.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bece213397fe5f546674ee29dd3f69ec2f2cc0e480e67f09dcc4c25c0d12a3d7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 18:09:31 GMT
Content-Encoding: br
Last-Modified: Tue, 04 Jan 2022 17:01:33 GMT
Server: AmazonS3
Age: 54803
ETag: W/"78d1bdd981816cfbeb6954a85f9efa58"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 1444224b4b97d67af7507c4e96f65844.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: ptrYlAtbV90bI6rlILdjEVVz0jJsIPK-FRCkpKxvzwg0JOHtujl4vA==

GET
H/1.1 200
OK common.css
downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/ Frame 2F5D 9 KB
3 KB 104ms
36ms Stylesheet
text/css 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/common.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 21:25:31 GMT
Content-Encoding: br
Last-Modified: Tue, 04 Jan 2022 17:01:32 GMT
Server: AmazonS3
Age: 43043
ETag: W/"82e72d627b04e1654282023cca1d1e69"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 cc4ec7b00e99f66f65c59b638212180e.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: 0MY0prKzmIdalOBid4fg1rkKNB-cm50UArC11Tc_B3O0gF2hoSTdZw==

GET
H/1.1 200
OK layout-1.css
downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/ Frame 2F5D 804 B
1 KB 107ms
37ms Stylesheet
text/css 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/layout-1.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60defd0229880a6f78696fcf8e687f94e43fc8bb5ff66028e23e546d0345d2f1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 28 Apr 2022 01:45:26 GMT
Via: 1.1 1444224b4b97d67af7507c4e96f65844.cloudfront.net (CloudFront)
Last-Modified: Tue, 04 Jan 2022 17:01:32 GMT
Server: AmazonS3
Age: 27449
ETag: "33e182d2957d66f0239c291b39120c17"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: TXL50-P1
Accept-Ranges: bytes
Content-Length: 804
X-Amz-Cf-Id: 2MyOOS8ro2VdoNI9WW-L2lETrEPn9gyET7gH8abYCi43vXBPRksvnA==

GET
H/1.1 200
OK modal-slidein.css
downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/ 3 KB
2 KB 107ms
36ms Stylesheet
text/css 18.66.2.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/dad5257e8784c6cb4633ebbf068517135d2e0d05/modal-slidein.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/dad5257e8784c6cb4633ebbf068517135d2e0d05/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-21.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 717a079466da86282255203ddb9f6faafb2bf0ca0bb23ecb539463b3f963bde4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 14:27:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Jan 2022 17:01:33 GMT
Server: AmazonS3
Age: 68138
ETag: W/"d23d4c0fac6d9f158d23552bbd4592f0"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 88c4efc7a0d40cb6034579fa005452bc.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: uYrFpS-8h5duSAnAZbnU82FXtdj6wIPZlVi9Mrxclei8C_262z-PFw==

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 89ms
32ms Preflight
text/html 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube-nocookie.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 28 Apr 2022 09:22:53 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame A784 45 KB
22 KB 89ms
38ms XHR
application/json+protobuf 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e993441aefe269607c188134d1a802f8ced119d6b67ade12c8ec7787fe462267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube-nocookie.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 22393
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/ Frame A784 118 KB
37 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/remote.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

360da7aa0d9b5dc81957c4c4443ec7c27b7ea591b760d5425de4617f52868678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:17:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61499
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37626
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:17:54 GMT

GET
H2 200 TQezcOaa2ygoYVvjSfp33wCyMmevbhCkUZi6vgUsRyc.js Show response
www.google.com/js/th/ Frame A784 35 KB
14 KB 83ms
25ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/TQezcOaa2ygoYVvjSfp33wCyMmevbhCkUZi6vgUsRyc.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d07b370e69adb2828615be349fa77df00b23267af6e10a45198babe052c4727

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 07:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13736
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 11:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Apr 2023 07:54:45 GMT

GET
H3 200 embed.js Show response
www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/ Frame A784 27 KB
8 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/embed.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fe46841ee9c3376b3b6ceeb03df6db3f5613e38da8b8ce8683793b119960ee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 16:17:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61499
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8120
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 04:40:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Apr 2023 16:17:54 GMT

GET
DATA 200
OK truncated
/ Frame A784 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 2NPCotBcPkbqOEGuKMyiHhFwv8bZM6WUU0dz18lhz-umuiAjpLWtVjV5FygDS5nbPpM5ujpE8A=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame A784 4 KB
4 KB 82ms
25ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/2NPCotBcPkbqOEGuKMyiHhFwv8bZM6WUU0dz18lhz-umuiAjpLWtVjV5FygDS5nbPpM5ujpE8A=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6a7c0a8f9ab61108aa76f70cd4cb7fd02695add69d0f4d05e05db783faa078ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:01:39 GMT
x-content-type-options: nosniff
age: 1274
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3632
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 09 Mar 2022 10:11:51 GMT

GET
H2 200 maxresdefault.webp
i.ytimg.com/vi_webp/xY4YggSTnD8/ Frame A784 40 KB
40 KB 83ms
25ms Image
image/webp 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/xY4YggSTnD8/maxresdefault.webp

Requested by

Host: dfir.science
URL: https://dfir.science/2017/07/How-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee52b81d8be85d3170233c2a60f73985aecdb582803b2e1d56451c78f56d00ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:21:51 GMT
x-content-type-options: nosniff
age: 62
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40644
x-xss-protection: 0
server: sffe
etag: "1522312453"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 28 Apr 2022 11:21:51 GMT

GET
H/1.1 200
OK button.e878ad6ba18f0bdda53d6861059b0edd.js Show response
platform.twitter.com/js/ 7 KB
3 KB 18ms
18ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e878ad6ba18f0bdda53d6861059b0edd.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F86) /
Resource Hash: bd08180ec011a2cc6a193103b8279709370cedabcafe9ea5a7dd4a6ff23541d5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 28 Apr 2022 09:22:53 GMT
Content-Encoding: gzip
Age: 644269
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length: 2358
x-tw-cdn: VZ
Last-Modified: Wed, 13 Apr 2022 12:14:38 GMT
Server: ECS (pab/6F86)
Etag: "3a38d3766372da05b01a88837c3af509+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame A784 4 KB
3 KB 104ms
46ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 28 Apr 2022 09:22:53 GMT

GET
H/1.1 200
OK tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html Show response
platform.twitter.com/widgets/ Frame 8211 32 KB
13 KB 18ms
18ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F86) /
Resource Hash: 3b88d851130733719e7f882b99cffb4ebf7f24f08c1f270bd697e67ff5ba667d

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 644265
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12240
Content-Type: text/html; charset=utf-8
Date: Thu, 28 Apr 2022 09:22:53 GMT
Etag: "9678cd9d5473f15fc123f41555152a6e+gzip"
Last-Modified: Wed, 13 Apr 2022 12:14:55 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (pab/6F86)
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 130ms
130ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fdfir.science%2F2017%2F07%2FHow-To-Fuzzy-Hashing-with-SSDEEP-(similarity-matching).html%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22DFIRScience%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1651137773906%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22c8fe9736dd6fb%3A1649830956492%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22mention%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=55fcfde62ac6a9803dc53ffb2eafe4bd57373e08

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 107
pragma: no-cache
last-modified: Thu, 28 Apr 2022 09:22:53 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 06813fd1e317be36191c6af26ac9e7fa8ba0d63bebebbbba796a1b08e42363e0
x-transaction: fc66c86cdf9570e7
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3 204 generate_204
www.youtube-nocookie.com/ Frame A784 0
9 B 25ms
24ms Image
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube-nocookie.com/generate_204?1rnm9Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 09:22:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ Frame 8211 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/101/ Frame A784 52 KB
15 KB 80ms
29ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/101/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f69d70bf8ce1e473f3659ee6c746035ae11ebbe9383c1857783e300458667e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 06:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15395
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 19:36:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 29 Apr 2022 06:13:52 GMT

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame A784 98 B
141 B 39ms
35ms XHR
application/json+protobuf 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/player_ias.vflset/fr_FR/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

33695f2df45614ee1155d81a1926c5f0493c9ed3c3235250185e14616d42fb28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube-nocookie.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 28 Apr 2022 09:22:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 118
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 33ms
33ms Preflight
text/html 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube-nocookie.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 28 Apr 2022 09:22:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube-nocookie.com/youtubei/v1/ Frame A784 28 B
54 B 39ms
38ms XHR
application/json 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube-nocookie.com/embed/xY4YggSTnD8
X-YouTube-Client-Version: 1.20220426.01.01
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgt1WmhHSGFfVV9ISSjtuamTBg%3D%3D
X-YouTube-Ad-Signals: dt=1651137773644&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C936%2C527&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 28 Apr 2022 09:22:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 28 Apr 2022 09:22:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/fe8185e7/fetch-polyfill.vflset/fetch-polyfill.js

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.list-manage.com/	1970-01-20 11:24:33	Name: _abck Value: 6A935F5D67E4C902612BE73B85FED885~-1~YAAQZ+F7XGqpllSAAQAAOwB7bwc8gq34b5b8ztf/cpv0t5mmQj4Z5EK7uVS7PLFS8NZDlwfYeqUu1ZUGXFbqG0vDgYvnVYXaOPBqtH8AYDjd+W/1yfQCPBjaC5tWK4yHyTlO+bFHtSeEE8/g1xtgMwDGapo1704AbqJGYPIOk0fa+56cykvmlpb3sIYNVzLHsJyv7FBhuXLlOJUJr49nZJ3nl+Czd3s8kYZS2cNxU064KsDSgAJzVXsbGkK+DN83WuNquByo3fS3KZq0XgN0Ar3J429lpGSpaKtXCFtIphUDXEUrMRy7VNu2moK38MHQAR1wRjvsrNwZrmL7I5Ti/Pp00SOA6zdGCSfi7mNw5dNVVM1xzuAdbEBOlV8cSvOOiw==~-1~-1~-1
.us5.list-manage.com/	1970-01-20 02:39:04	Name: ak_bmsc Value: 15296C4AAB3D3B2233355C3C3818D2C5~000000000000000000000000000000~YAAQZ+F7XGupllSAAQAAOwB7bw9zkQ1K+wjVmUGEc3QD3+isjW2hhg0L86Be4eoq5G8jXaEPL+Rv0/9LndnRBKM8MuBi+OhWayVT8JVdTYipDGuyQOgqcQNE0B8djuGHCBweHHIk/ksGX+P9G0Fs3nHPHI69ZFFje5+F/x1pf1E96iEDoMDWa3PNztZ+vtcqaTA9ltFGgTnsXjzA9Vcse1jATp+2XMeEqiWkuwDYfWcRBn/KykmicobJTqZtmcJY6IJ2bcA47U4DXtC09Ltpb4zcQQBD1gncqMM0uLtdWN9PxFgcwXYi8dnSO7oFkoihiU190/njQHs1fIQszdc7lz6sLYay3K55CtST3X1R7zlY/vPsFVfcKAayv78DbU7dc8Vx0MQuiShNSHf4BwWO36w5
.list-manage.com/	1970-01-20 02:39:12	Name: bm_sz Value: 11E7806DC80CD0494EED088E9F57BA0A~YAAQZ+F7XGypllSAAQAAOwB7bw9+ijfOsNsrU1BVgo2Fjj8OFd68YG5VK++M8FYrElohp7X5nimfTwplO7Nm0Eudac+ed1sKAj2OMog1Fmn1xu9oVV/nYQdrZq9n60MORF0zeHDWm32fUZQ5VpxMzl2gWajz5JdeQ3uORWrtW1V6MI1qkzkCxokd+bS/lOGh0pigzBjGOmbUFODKkLC3n0dY4EoegSvV5pWT+vxYHIRVavK2ke4P2oU6TEIME2svA+sC6oEfYLYtzw0MpSuICKU4uchqMqRENBUCUhr1/6mSKifUecI27g==~3752246~3163701

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
chimpstatic.com
dfir.science
downloads.mailchimp.com
fonts.googleapis.com
fonts.gstatic.com
i.ytimg.com
jnn-pa.googleapis.com
mc.us5.list-manage.com
microanalytics.io
platform.twitter.com
syndication.twitter.com
www.google.com
www.gstatic.com
www.youtube-nocookie.com
yt3.ggpht.com
fonts.gstatic.com
www.youtube-nocookie.com
104.244.42.8
104.89.22.184
104.89.44.137
18.66.2.21
2606:2800:234:59:254c:406:2366:268c
2606:4700:3033::ac43:a2ce
2606:4700::6810:5614
2a00:1450:4001:808::200a
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:811::2016
2a00:1450:4001:813::2001
2a00:1450:4001:829::2003
2a00:1450:4001:829::2004
2a00:1450:4001:830::200a
51.38.185.25
0c50d9002b85780a842afffb567bb54ede402dae7c6dc5997a018614d8044fc8
16e04a9a46ac0ea5e191b0883837e6dd660c7823b5400db021889d4a4e450a8c
2117fc8f9d6e7a7c1d4d70bc2f8ad458b4977370a6102cab4a143729aafdd978
24188dff2594a5a42df87e8ac9eae119f8e74a11a08c905d1cb4ca5bafce18cc
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27badc983df1780b60c2b3fa9d3a19a00e46aac798451f0febdca52920faaddf
29d6cb451f1d902fc49fa5cc0783584452a8ce6af7d561d9637878b61b1650f9
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8
33695f2df45614ee1155d81a1926c5f0493c9ed3c3235250185e14616d42fb28
360da7aa0d9b5dc81957c4c4443ec7c27b7ea591b760d5425de4617f52868678
3b88d851130733719e7f882b99cffb4ebf7f24f08c1f270bd697e67ff5ba667d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fe46841ee9c3376b3b6ceeb03df6db3f5613e38da8b8ce8683793b119960ee7
401f473f1116a90d20522b81ae069872d696da1c4d18e3c681fbc7a29fa8601f
414aec1b413fd1fad35c29ea9c65fd156829b40ea0279b182fdfaaaa196fedcd
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
49b6eabf151d0d507b6b326036c3df1b64b3aa6eb925e351f95038a310fd09a5
4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72
4d07b370e69adb2828615be349fa77df00b23267af6e10a45198babe052c4727
4e464107ba4301877e7131c0108649f811828efa1327da626809628228931058
60defd0229880a6f78696fcf8e687f94e43fc8bb5ff66028e23e546d0345d2f1
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6a7c0a8f9ab61108aa76f70cd4cb7fd02695add69d0f4d05e05db783faa078ad
6e8f39dff13e376c1b3d19f18380bf242b3ad822947f96c37184c4c984532602
6f69d70bf8ce1e473f3659ee6c746035ae11ebbe9383c1857783e300458667e0
717a079466da86282255203ddb9f6faafb2bf0ca0bb23ecb539463b3f963bde4
7f178011f6846fa89e8fd056339e483c9176846053b98d2d328deb1764d67ceb
8ba0da4e1ec30889efee1d8e045057eba2e01e1da2afc6d54f3c98a97e661bef
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
91a3e46bd2f13459f49e0725554fa7908e36ac219655c4926b8501e9779c05a6
934db3add01aa8157a04f0447270d1903e92a02c41bf592c054c7c384b1f505c
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9b699a13690310f441abbd5d4f452a2b055722beb65574124c4b7dc6accf1974
a8988d67ee7f22fa5e226abb2f8c6da90c5ca00ed17c0e3d2a29fc66e0ccc55d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b2d0b9cf370d38b039c8f81fc9a18dde96b77dcbf14371815dec3df058bbc4da
b960a89dca43490bf0005a6ed7ef8287405c4bd8b050fc4a4934580d8a5920c6
bd08180ec011a2cc6a193103b8279709370cedabcafe9ea5a7dd4a6ff23541d5
bece213397fe5f546674ee29dd3f69ec2f2cc0e480e67f09dcc4c25c0d12a3d7
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
d56fec2159406ce1d4e284774fd1ee371018f131e28aa303ad1675edc76f20dc
d7d188f6c8f8c4df10ebfb10a1921ccb1d384817a0178373ce2ae9abd7e7bd66
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d7f2a53ec64c3613054b8aca405af6eeb1e8dc1bf371d4676f5dbe917e3986d8
dea590e7a344ea7b1d9affe6f8b6fcee69778f1aa5e6b4a4a4339b068bd8e6e1
e1fd013ac18aebac28e366bf82aace3b2fb6900fecc4793303ed93aeadd31910
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
e7f9f6d6ef23f88e5dc647c21883eb1e19f3b800a8cd4938deffdabccaad217e
e993441aefe269607c188134d1a802f8ced119d6b67ade12c8ec7787fe462267
edf2cedf3d598208ea77dc7991dce236e6fe87f287afde3e5b843d86ebe1b1b5
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee52b81d8be85d3170233c2a60f73985aecdb582803b2e1d56451c78f56d00ab
f298d83c06cb5f12f952e5b24833f12a32bd11f97186ff9a602f1b2bb15eec51

dfir.science Open in urlscan Pro 2606:4700:3033::ac43:a2ce Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

97 %HTTPS

69 %IPv6

13 Domains

16 Subdomains

17 IPs

3 Countries

2105 kBTransfer

6134 kBSize

3 Cookies

23 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

dfir.science Open in urlscan Pro
2606:4700:3033::ac43:a2ce Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

97 %
HTTPS

69 %
IPv6

13
Domains

16
Subdomains

17
IPs

3
Countries

2105 kB
Transfer

6134 kB
Size

3
Cookies

63 HTTP transactions
2 data transactions