urlscan.io logo urlscan.io
SecurityTrails logo

dfir.ru Open in urlscan Pro
192.0.78.25  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dfir.ru/
Effective URL: https://dfir.ru/
Submission: On November 10 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 29 HTTP transactions. The main IP is 192.0.78.25, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is dfir.ru.
TLS certificate: Issued by R3 on October 20th 2023. Valid for: 3 months.
This is the only time dfir.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 192.0.78.24 2635 (AUTOMATTIC)
2 192.0.78.25 2635 (AUTOMATTIC)
17 192.0.77.32 2635 (AUTOMATTIC)
2 2a04:fa87:fff... 2635 (AUTOMATTIC)
1 192.0.72.18 2635 (AUTOMATTIC)
5 192.0.76.3 2635 (AUTOMATTIC)
1 192.0.78.18 2635 (AUTOMATTIC)
29 7
1    192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
dfir.ru
2    192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
dfir.ru
17    192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com
s0.wp.com
fonts-api.wp.com
fonts.wp.com
2    2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)
0.gravatar.com
1    192.0.72.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
dfirru.files.wordpress.com
5    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
1    192.0.78.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
r-login.wordpress.com
Apex Domain
Subdomains		 Transfer
22 wp.com
s0.wp.com — Cisco Umbrella Rank: 8056
fonts-api.wp.com — Cisco Umbrella Rank: 15907
stats.wp.com — Cisco Umbrella Rank: 2855
fonts.wp.com — Cisco Umbrella Rank: 16559
pixel.wp.com — Cisco Umbrella Rank: 2799
127 KB
3 dfir.ru
dfir.ru
28 KB
2 wordpress.com
dfirru.files.wordpress.com
r-login.wordpress.com — Cisco Umbrella Rank: 26761
2 KB
2 gravatar.com
0.gravatar.com — Cisco Umbrella Rank: 8325
6 KB
29 4
Domain Requested by
15 s0.wp.com dfir.ru
4 pixel.wp.com dfir.ru
3 dfir.ru 1 redirects dfir.ru
2 0.gravatar.com dfir.ru
0.gravatar.com
1 r-login.wordpress.com dfir.ru
1 fonts.wp.com fonts-api.wp.com
1 stats.wp.com dfir.ru
1 dfirru.files.wordpress.com dfir.ru
1 fonts-api.wp.com dfir.ru
29 9
Subject Issuer Validity Valid
tls.automattic.com
R3		 2023-10-20 -
2024-01-18		 3 months crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-14 -
2023-12-15		 a year crt.sh
*.gravatar.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-23 -
2023-12-24		 a year crt.sh
*.files.wordpress.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-23 -
2023-12-24		 a year crt.sh
*.wordpress.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-23 -
2023-12-24		 a year crt.sh

This page contains 2 frames:

Primary Page: https://dfir.ru/
Frame ID: E83AE926FA87567BE9D3CA619BAD27F4
Requests: 28 HTTP requests in this frame

Frame: https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9kZmlyLnJ1&wpcomid=149118243&time=1699594720
Frame ID: 0B1C8BA84B048D67EEAC88850514D18B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

My DFIR Blog – Digital Forensics & Incident Response & Reverse Engineering

Page URL History Show full URLs

  1. http://dfir.ru/ HTTP 301
    https://dfir.ru/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+s\d+\.wp\.com
  • /wp-(?:content|includes)/

Page Statistics

29
Requests

97 %
HTTPS

14 %
IPv6

4
Domains

9
Subdomains

7
IPs

2
Countries

163 kB
Transfer

634 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dfir.ru/ HTTP 301
    https://dfir.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
dfir.ru/
Redirect Chain
  • http://dfir.ru/
  • https://dfir.ru/
97 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
001e59c81a45e3e14a69993078e2acfcc7f0f82f94687b3c85d7c29d0a2877ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 10 Nov 2023 05:38:40 GMT
host-header
WordPress.com
link
<https://wp.me/a5GsX>; rel=shortlink
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding accept, content-type, cookie
x-ac
2.hhn _dfw EXPIRED
x-hacker
Want root? Visit join.a8c.com/hacker and mention this header.

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Fri, 10 Nov 2023 05:38:40 GMT
Location
https://dfir.ru/
Server
nginx
X-ac
2.hhn _dfw BYPASS
infinity.css
s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/modules/infinite-scroll/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/modules/infinite-scroll/infinity.css?m=1685115060i&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
f037f98a71bb59b4aec4e4f54d3915489a84376c82d0c95e61c3e0cb60b61785

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 2
server
nginx
etag
W/5729-1685115077021.7341
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Thu, 30 May 2024 20:31:41 GMT
style.css
s0.wp.com/wp-content/plugins/gutenberg-core/v16.9.0/build/block-library/ 		108 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/plugins/gutenberg-core/v16.9.0/build/block-library/style.css?m=1698313083i&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
79072b7bdb8b7fc3dbb1c5958dc0c586d8d3f7c1cef439a679672beab6196afe

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
miss
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 2
server
nginx
etag
W/110750-1698313099700.6604
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Fri, 25 Oct 2024 10:33:16 GMT
/
s0.wp.com/_static/ 		159 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??-eJyVjV0OwiAQBi8kEKrR+mA8C4UN2br8hAVNby8mprEvGh8n+82semSB0VJzwGpmFcChAYIAsW4gk1mgCAJv7CIDRmmZd+qb3m+fvJFsivW1ydQ8Rla+dZygeDFRsrceg5qNvYn+NrUqfEGnuC4E/yeKqRg9/9BtemuD1KPUgjFkAlHgLg/KIdd1IdbQNVz0cdTjfhjOp/kJMmh7kg==&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
71df132c94f689f31822d47f4c4651b3639b7eb548a20bac80d9f30f686312a3

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Fri, 19 May 2023 01:48:14 GMT
server
nginx
etag
W/"6466d55e-27db3"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Wed, 02 Oct 2024 11:52:45 GMT
/
s0.wp.com/_static/ 		369 B
675 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
x-ac
2.hhn _dfw BYPASS
last-modified
Sun, 19 Dec 2021 04:31:32 GMT
server
nginx
etag
"61beb5a4-171"
access-control-allow-methods
GET, HEAD
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
369
expires
Fri, 10 Nov 2023 15:12:40 GMT
/
s0.wp.com/_static/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??/wp-content/themes/pub/penscratch-2/css/reset.css,/wp-content/themes/pub/penscratch-2/style.css?m=1697120938j&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
90b76fae643307fa7880dfd5d81d176ddf33d7b4459dda41704a73b688f2db66

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Thu, 12 Oct 2023 14:35:24 GMT
server
nginx
etag
W/"6528042c-5c38"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Sun, 13 Oct 2024 10:07:15 GMT
css
fonts-api.wp.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts-api.wp.com/css?family=Roboto+Slab%3A300%2C400%2C700&subset=latin%2Clatin-ext
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b61291dfcdba53293cedcdc466d2ae0aa02fac9b5bd75597b2b92cefd254e471
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:38:40 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
x-nc
BYPASS hhn 1
last-modified
Fri, 10 Nov 2023 04:10:53 GMT
server
nginx
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
/
s0.wp.com/_static/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??-eJyNjkEKwjAQRS/kOLWU7MSzpMOYRpNJyEwpvb3RjYgg7t5bvM/HrQIVMRZDWzizYl1nrCxKzRstMCKp4pwK3fXY8YB/JFEI1fbEsFUq+avLK9S0hiiKgQv0cW+xyIfANfnYfqWN+63QMbw+vvUZXfL55NwwjM5N0+0BdkhVaQ==&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
4542137c751f4fa3c953955e67e98f7a95672cde8e65da7e7cbd230f5e21bd91

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Tue, 09 Aug 2022 06:40:10 GMT
server
nginx
etag
W/"62f2014a-251e"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Thu, 14 Mar 2024 19:36:30 GMT
global-print.css
s0.wp.com/wp-content/mu-plugins/global-print/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035i&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 2
server
nginx
etag
W/8044-1684465181225.707
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Thu, 30 May 2024 20:22:44 GMT
global.css
s0.wp.com/wp-content/themes/h4/ 		311 B
604 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/themes/h4/global.css?m=1420737423i&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
947d703f577549cbb0b1a4143f3b363ec9c7cf309587d5b12b87f0e64ff99db4

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
x-ac
2.hhn _dfw BYPASS
server
nginx
x-minify
t
etag
W/471-1684465158837.707
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
311
expires
Thu, 30 May 2024 20:22:44 GMT
/
s0.wp.com/_static/ 		29 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??-eJxdjUsOwjAMBS9EMD8BXSCOUiWNqZwmdpQ4BW5PF4AEyzdvpIF7NoOwIiuECkkcRTStYrHjwgzxTdahruDXK1FNLvJ4/n+pmRzbSFwhoGY7TO8NtfEH9TOylwK2qSSrSsNXnsmj5IK1gmsUPURyoDIhG1fIj7gEr+myPXbd/rw5HXbhBQA5SCY=
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
c84b33ef039cfde382df32d6736dc00281d42d092dc9157cea29359f1a988a5c

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Tue, 07 Nov 2023 18:12:32 GMT
server
nginx
etag
W/"654a7e10-736f"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Wed, 06 Nov 2024 18:22:45 GMT
hovercards.min.js
0.gravatar.com/js/hovercards/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202345aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:38:40 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
last-modified
Tue, 15 Aug 2023 17:32:05 GMT
server
nginx
etag
W/"64dbb695-32aa"
content-type
application/javascript
cache-control
max-age=604800
alt-svc
h3=":443"; ma=86400
expires
Fri, 17 Nov 2023 05:38:40 GMT
wpgroho.js
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 		655 B
703 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 2
server
nginx
etag
W/1125-1684460931415.6394
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Thu, 30 May 2024 20:22:44 GMT
cropped-logo1.png
dfirru.files.wordpress.com/2018/07/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dfirru.files.wordpress.com/2018/07/cropped-logo1.png?w=50
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.72.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
74d560e4e6095f6054f8bf5c4c80608bb4057b436d1b2f68bef70423f5782b37
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 18 np
date
Fri, 10 Nov 2023 05:38:41 GMT
x-content-type-options
nosniff, nosniff
last-modified
Tue, 17 Jul 2018 22:12:41 GMT
server
nginx
x-orig-src
0_imageresize
vary
Accept, Origin
content-type
image/webp
access-control-allow-origin
https://dfirru.wordpress.com
access-control-allow-credentials
true
accept-ranges
bytes
content-length
1164
expires
Thu, 07 Dec 2023 06:17:09 GMT
/
s0.wp.com/_static/ 		33 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??-eJydzEEKwyAQheEL1Q5JocFFyFmsDkEzjuI4hNy+FJptFln+j8cHezW+cEfukNVU0jWyQMJend/+DaIMuQQlFPCuFRUkkD1WbOajHAifXuQB97Hzcw43vR4Jg1kdEbbjqn7+kufhbUc7vYZxSl9CS2RI&cssminify=yes
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
45715a58f477840e10d7fefd4b8b58a99451e429f4711fd75820a972d2503aa0

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Fri, 25 Aug 2023 14:18:57 GMT
server
nginx
etag
W/"64e8b851-8455"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Sat, 24 Aug 2024 14:32:26 GMT
/
s0.wp.com/_static/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/_static/??-eJyVkN1uwjAMRl9ortcObXAx7VFQmrrFreNEdQLj7WHSuiGENrg8ls/nHzwk8FEzacZQIEkZWA1Hysn56ZvRiuKW1WNbWDpk7Vk5E5ifo8jCxyqwVqM94UXokuhjK9FPhk1Vr6sajEMSgpn21Qo7tozjbxNIdB3Nt/LyjgIZptJiIj0v4LLfQfNlq9vz4DLHR6RLfkCziRMI6wR99MWg589r++53ejfHYiQ/bUvh1v13p2YW6mBwIjQf/6J/pizLwCH5GK7w7H2E9/p181Y3z5uX9XgCF93bpA==
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
c0eb7c5f11c1b86a4598d1c292c40706e017b4a1f7e3403078bd331ec3a4d8d2

Request headers

Referer
https://dfir.ru/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:40 GMT
content-encoding
br
x-ac
2.hhn _dfw BYPASS
last-modified
Thu, 12 Oct 2023 14:35:24 GMT
server
nginx
etag
W/"6528042c-bee4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Fri, 11 Oct 2024 20:14:26 GMT
w.js
stats.wp.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/w.js?64
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
585d4af3a08847a4604f8796b4841ebf7eaec7211606cc954f88dc9f27c72b28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT hhn
date
Fri, 10 Nov 2023 05:38:41 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/11154-1698845937402.5698
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Thu, 31 Oct 2024 13:39:12 GMT
bilmur.min.js
dfir.ru/wp-content/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dfir.ru/wp-content/js/bilmur.min.js?i=10&m=202345
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
cc4ed79586437da5670d6468a8371ddf4bb25921a02d2cbc69f120bc6715cec6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:38:41 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 09 Nov 2023 12:17:57 GMT
server
nginx
x-ac
2.hhn _dfw MISS
etag
W/"654ccdf5-1a82"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Sat, 09 Nov 2024 05:38:41 GMT
e5e08466-c149-4b0b-bd24-1e44f2a0274a
https://dfir.ru/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://dfir.ru/e5e08466-c149-4b0b-bd24-1e44f2a0274a
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.wp.com/s/robotoslab/v34/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.wp.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Roboto+Slab%3A300%2C400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://dfir.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 10 Nov 2023 05:38:41 GMT
x-content-type-options
nosniff
last-modified
Tue, 24 Oct 2023 01:54:50 GMT
server
nginx
age
12546
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
34328
x-xss-protection
0
g.gif
pixel.wp.com/ 		50 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.7337471737269106
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 10 Nov 2023 05:38:41 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/ 		50 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?blog=149118243&v=wpcom&tz=3&user_id=0&subd=dfirru&host=dfir.ru&ref=&rand=0.9503245998678111
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 10 Nov 2023 05:38:41 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/ 		50 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD98bDhscWI%2FelZKWDRzYkNyaD1XdFpoZW5WRXA1MFQ3aXlnbWN8Z0R2NTJ6P0tPRlZCc25kcFd1ZjYuXzV5Xzl4RXBIRHR2fix%2BSSxha3QuMyY2TCxNNGwsNS5EVEo5fkcmRU5vR0JBJUssL08rOXM2WVpkQzNFWnxoT1glU1pkaEdZQUJVVV1na3VWUHpqdDhJaV1xTkcwdTFNcURMTnUzQUxqK0RialFGbzE2K1YmYlNIZUVrYXcrZEJyc3IreE1vdm9aM0Q%3D&v=wpcom-no-pv&rand=0.6005359669838843
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 10 Nov 2023 05:38:41 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
wp-emoji-release.min.js
s0.wp.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.4.1-RC1-57094
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 10 Nov 2023 05:38:41 GMT
content-encoding
br
x-ac
2.hhn _dca MISS
last-modified
Fri, 19 May 2023 01:53:28 GMT
server
nginx
etag
W/"6466d698-4904"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
expires
Fri, 08 Nov 2024 11:43:21 GMT
hovercards.min.css
0.gravatar.com/js/hovercards/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=202345aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
Requested by
Host: 0.gravatar.com
URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202345aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:38:41 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
last-modified
Wed, 11 Oct 2023 03:50:13 GMT
server
nginx
etag
W/"65261b75-d5d"
content-type
text/css
cache-control
max-age=604800
alt-svc
h3=":443"; ma=86400
expires
Fri, 17 Nov 2023 05:38:41 GMT
remote-login.php
r-login.wordpress.com/ Frame 0B1C 		117 B
342 B 		Document
General
Check archive.org
Download Go to
Full URL
https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9kZmlyLnJ1&wpcomid=149118243&time=1699594720
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
7db48314731b612123ecf61b9b435f24f4a9dd045724b3df76f9c985fd192da1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://dfir.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, must-revalidate, max-age=0
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 10 Nov 2023 05:38:41 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding Cookie
x-ac
1.hhn _dfw MISS
actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 		15 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20231110
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5a64f5d72092484a8b369be4852e2f5d82f024bb8e191add1ba028f30ec37f3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
date
Fri, 10 Nov 2023 05:38:41 GMT
content-encoding
br
x-ac
2.hhn _dca MISS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 1
server
nginx
etag
W/18163-1699585417053.101
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Sat, 09 Nov 2024 03:03:48 GMT
actionbar.js
s0.wp.com/wp-content/mu-plugins/actionbar/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231110
Requested by
Host: dfir.ru
URL: https://dfir.ru/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
28bac34917bba2f5ebef5c3a1533fdfcd9c7c6e0accef5bc18addd58adeb1181

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-minify-cache
hit
date
Fri, 10 Nov 2023 05:38:41 GMT
content-encoding
br
x-ac
2.hhn _dca MISS
x-minify
t
alt-svc
h3=":443"; ma=86400
x-nc
HIT hhn 1
server
nginx
etag
W/15129-1699585419687.8982
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
expires
Sat, 09 Nov 2024 03:03:48 GMT
boom.gif
pixel.wp.com/ 		0
81 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0&largest_contentful_paint=989&batcache_hit=0&provider=wordpress.com&service=simple&custom_properties=%7B%22logged_in%22%3A%220%22%2C%22wptheme%22%3A%22pub%2Fpenscratch-2%22%2C%22wptheme_is_block%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=dfir.ru&url_path=%2F&nt_fetchStart=257&nt_domainLookupStart=258&nt_domainLookupEnd=258&nt_connectStart=258&nt_connectEnd=298&nt_secureConnectionStart=275&nt_requestStart=298&nt_responseStart=608&nt_responseEnd=751&nt_domLoading=611&nt_domInteractive=948&nt_domContentLoadedEventStart=1021&nt_domContentLoadedEventEnd=1029&nt_domComplete=1283&nt_loadEventStart=1283&nt_loadEventEnd=1284&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=958&first_contentful_paint=958&resource_size=443425&resource_transferred=81197&resource_cache_percent=0&js_size=85860&js_transferred=27503&js_cache_percent=0&blocking_size=348071&blocking_transferred=52506&blocking_cache_percent=0&last_resource_end=1306
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dfir.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 10 Nov 2023 05:38:43 GMT
cache-control
no-cache
server
nginx

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| wpcom_remote_login_extra_auth function| wpcom_remote_login_remove_dom_node_id function| wpcom_remote_login_remove_dom_node_classes function| wpcom_remote_login_final_cleanup function| addLoadEvent object| _wpemojiSettings object| videopressAjax object| actionbardata object| wpcom_mobile_user_agent_info function| rltInvalidateToken function| rltInjectToken function| rltIsAuthenticated function| rltGetToken function| rltAddInitializationListener function| rltStoreToken function| rltInitialize object| infiniteScroll object| Gravatar object| WPGroHo object| wpcom_coblocks_js object| coblocksLigthboxData object| jetpackSwiperLibraryPath object| jetpackCarouselStrings object| wpcom object| _tkq object| _stq string| mobileStatsQueryString object| twemoji object| wp

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
dfir.ru
dfirru.files.wordpress.com
fonts-api.wp.com
fonts.wp.com
pixel.wp.com
r-login.wordpress.com
s0.wp.com
stats.wp.com
192.0.72.18
192.0.76.3
192.0.77.32
192.0.78.18
192.0.78.24
192.0.78.25
2a04:fa87:fffe::c000:4902
001e59c81a45e3e14a69993078e2acfcc7f0f82f94687b3c85d7c29d0a2877ea
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730
28bac34917bba2f5ebef5c3a1533fdfcd9c7c6e0accef5bc18addd58adeb1181
2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4542137c751f4fa3c953955e67e98f7a95672cde8e65da7e7cbd230f5e21bd91
45715a58f477840e10d7fefd4b8b58a99451e429f4711fd75820a972d2503aa0
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
585d4af3a08847a4604f8796b4841ebf7eaec7211606cc954f88dc9f27c72b28
5a64f5d72092484a8b369be4852e2f5d82f024bb8e191add1ba028f30ec37f3e
71df132c94f689f31822d47f4c4651b3639b7eb548a20bac80d9f30f686312a3
74d560e4e6095f6054f8bf5c4c80608bb4057b436d1b2f68bef70423f5782b37
79072b7bdb8b7fc3dbb1c5958dc0c586d8d3f7c1cef439a679672beab6196afe
7db48314731b612123ecf61b9b435f24f4a9dd045724b3df76f9c985fd192da1
90b76fae643307fa7880dfd5d81d176ddf33d7b4459dda41704a73b688f2db66
947d703f577549cbb0b1a4143f3b363ec9c7cf309587d5b12b87f0e64ff99db4
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293
aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
b61291dfcdba53293cedcdc466d2ae0aa02fac9b5bd75597b2b92cefd254e471
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
c0eb7c5f11c1b86a4598d1c292c40706e017b4a1f7e3403078bd331ec3a4d8d2
c84b33ef039cfde382df32d6736dc00281d42d092dc9157cea29359f1a988a5c
cc4ed79586437da5670d6468a8371ddf4bb25921a02d2cbc69f120bc6715cec6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f037f98a71bb59b4aec4e4f54d3915489a84376c82d0c95e61c3e0cb60b61785
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1