cybsploit.com Open in urlscan Pro
2001:41d0:303:878a:: Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyW...
Submission: On May 12 via api (May 12th 2020, 11:48:24 am UTC) from US

Summary HTTP 60 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 13 domains to perform 60 HTTP transactions. The main IP is 2001:41d0:303:878a::, located in France and belongs to OVH, FR. The main domain is cybsploit.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 30th 2020. Valid for: 3 months.

This is the only time cybsploit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2001:41d0:303... 2001:41d0:303:878a::	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	88.208.60.53 88.208.60.53	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
5	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:84e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	91.228.74.197 91.228.74.197	27281 (QUANTCAST) (QUANTCAST)
2	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1 2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
1	2600:9000:215... 2600:9000:2156:1200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
1	91.228.74.253 91.228.74.253	27281 (QUANTCAST) (QUANTCAST)
2 3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
60	17

32 2001:41d0:303:878a:: (France)

ASN16276 (OVH, FR)

cybsploit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.208.60.53 (Heemstede, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

ntvsw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.197 (United Kingdom)

ASN27281 (QUANTCAST, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:1200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.253 (United Kingdom)

ASN27281 (QUANTCAST, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland) 2 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	cybsploit.com cybsploit.com	837 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	107 KB
5	gstatic.com fonts.gstatic.com	49 KB
3	facebook.com 2 redirects www.facebook.com	1023 B
3	twimg.com cdn.syndication.twimg.com pbs.twimg.com	29 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	facebook.net connect.facebook.net	117 KB
1	quantcount.com rules.quantcount.com	356 B
1	cloudflare.com cdnjs.cloudflare.com	4 KB
1	ntvsw.com ntvsw.com	2 KB
1	googleapis.com fonts.googleapis.com	2 KB
1	googletagmanager.com www.googletagmanager.com	30 KB
60	13

	Domain	Requested by
32	cybsploit.com	cybsploit.com
7	platform.twitter.com	cybsploit.com platform.twitter.com
5	fonts.gstatic.com	cybsploit.com
3	www.facebook.com	2 redirects connect.facebook.net
2	pbs.twimg.com	cybsploit.com
2	syndication.twitter.com	1 redirects cybsploit.com
2	www.google-analytics.com	www.googletagmanager.com cybsploit.com
2	connect.facebook.net	cybsploit.com connect.facebook.net
1	pixel.quantserve.com	cybsploit.com
1	rules.quantcount.com	secure.quantserve.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	secure.quantserve.com	cybsploit.com
1	cdnjs.cloudflare.com	cybsploit.com
1	ntvsw.com	cybsploit.com
1	fonts.googleapis.com	cybsploit.com
1	www.googletagmanager.com	cybsploit.com
60	16

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
instagram.com
pinterest.com
www.youtube.com
www.malwaretech.com
www.bitsight.com
facebook.com
www.linkedin.com
linkedin.com

Subject Issuer	Validity	Valid
cybsploit.com Let's Encrypt Authority X3	`2020-04-30` - `2020-07-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-04-15` - `2020-07-14`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
ntvsw.com Let's Encrypt Authority X3	`2020-03-04` - `2020-06-02`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Frame ID: 5005D4683A1387CD760D2F42E7388E81
Requests: 71 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c63890edc4243ee77048d507b181eeec.html?origin=https%3A%2F%2Fcybsploit.com
Frame ID: E81ADBC98A37EB2349F8F6AAD7A3F638
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0
Frame ID: E65150D15757274223ADED7651517CCC
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: EEDAAA0DE74449F83371B38164D5A91A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

script /clipboard(?:-([\d.]+))?(?:\.min)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

60
Requests

100 %
HTTPS

75 %
IPv6

13
Domains

16
Subdomains

17
IPs

6
Countries

1205 kB
Transfer

2705 kB
Size

4
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/cybsploit/

Search URL Search Domain Scan URL

URL: https://twitter.com/cybsploit

Search URL Search Domain Scan URL

URL: https://instagram.com/cybsploit/

Search URL Search Domain Scan URL

URL: https://pinterest.com/cybsploit

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJte4xZFX3xg6TD6EYqFynA

Search URL Search Domain Scan URL

URL: https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
Title: MalwareTech

Search URL Search Domain Scan URL

URL: https://www.bitsight.com/
Title: BitSight

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?text=The+Bluekeep+Exploit+is+back+and+is+used+to+install+Cryptominer&url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&title=The+Bluekeep+Exploit+is+back+and+is+used+to+install+Cryptominer&summary=The+Bluekeep+Exploit+is+back+and+is+used+to+install+Cryptominer&source=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&media=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&description=The+Bluekeep+Exploit+is+back+and+is+used+to+install+Cryptominer

Search URL Search Domain Scan URL

URL: https://facebook.com/neoslab

Search URL Search Domain Scan URL

URL: https://twitter.com/neoslabSec

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/neoslab

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://www.facebook.com/v5.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0 HTTP 302
https://www.facebook.com/plugins/comments.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0 HTTP 302
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0

Request Chain 72

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

60 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09 Show response
cybsploit.com/2019/11/06/ 108 KB
28 KB 195ms
135ms Document
text/html 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PHP/7.4.5 PleskLin

Resource Hash

673aea29ce8d0ef37974f05dc6b5ab1d2e9b4e3923ab0de6d5c1c28b3d8fd171

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

:method: GET
:authority: cybsploit.com
:scheme: https
:path: /2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: nginx
date: Tue, 12 May 2020 11:48:07 GMT
content-type: text/html; charset=UTF-8
content-length: 28257
x-powered-by: PHP/7.4.5 PleskLin
vary: Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
content-encoding: gzip
cache-control: max-age=0, no-cache
strict-transport-security: max-age=15768000; includeSubDomains

GET
H2 200 vendor.min.css+prism.min.css.pagespeed.cc.qSD-26et3o.css
cybsploit.com/themes/createx/assets/styles/ 56 KB
13 KB 18ms
17ms Stylesheet
text/css 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/styles/vendor.min.css+prism.min.css.pagespeed.cc.qSD-26et3o.css

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

be1c59f9c49bdd1d0d7c696bd64f6198776b41c99d3ec5a088bfcd553266c405

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
etag: W/"0"
x-original-content-length: 57716
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:44:41 GMT
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 12874
expires: Wed, 12 May 2021 11:44:41 GMT

GET
H2 200 theme.min.css
cybsploit.com/themes/createx/assets/styles/ 369 KB
58 KB 19ms
18ms Stylesheet
text/css 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/styles/theme.min.css

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

72e09cf55b5a0071388cc2314f7087aed2d00456317b289bff8a9eac943c68ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-original-content-length: 377786
x-powered-by: PleskLin
status: 200
vary: Accept-Encoding
content-length: 59391
last-modified: Thu, 30 Apr 2020 16:12:54 GMT
server: nginx
etag: "5c3ba-5a484564cc373"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/css
cache-control: max-age=300, s-maxage=10
accept-ranges: bytes
expires: Tue, 12 May 2020 11:49:28 GMT

GET
H2 200 A.custom.min.css.pagespeed.cf.fc3VT9rZw3.css
cybsploit.com/themes/createx/assets/styles/ 13 KB
3 KB 19ms
18ms Stylesheet
text/css 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/styles/A.custom.min.css.pagespeed.cf.fc3VT9rZw3.css

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

c90d5643bfa07b83d7fd12dc55fb9b7a32ae8131e7b048c0dc149f0e81e2f358

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
etag: W/"0"
x-original-content-length: 12908
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:44:42 GMT
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 2277
expires: Wed, 12 May 2021 11:44:42 GMT

GET
H2 200 modernizr.min.js.pagespeed.jm.tEePkauata.js Show response
cybsploit.com/themes/createx/assets/javascripts/ 8 KB
3 KB 31ms
30ms Script
application/javascript 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/javascripts/modernizr.min.js.pagespeed.jm.tEePkauata.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

5b8e70ffdb90d68343c43bb6b46ea84912f4ccb6362d040fd1cc77fd51820022

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
etag: W/"0"
x-original-content-length: 8155
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:44:41 GMT
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 3211
expires: Wed, 12 May 2021 11:44:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 81 KB
30 KB 44ms
27ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-163766979-1

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8edf291b0661748f31bb89e65698e83823e25dd30662044d102aa6cb8e689331

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30433
x-xss-protection: 0
last-modified: Tue, 12 May 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 May 2020 11:48:07 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 23ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6d79cc618e583071ee74b711fb6682d4d3e29cf3d5b28ad7f3e03a8f194d925d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Origin: https://cybsploit.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Jm1X72XR6OnGYglAwCzfRA==
status: 200
content-length: 1781
etag: "b9604e69843a1600ef65b6fc6339b636"
x-fb-debug: QBY78p2sQujuJPqsAGdRqKNZPguon1greZXI4E0qpkJp0F4+M/kbz013TXVHeUJWnh6QHknb/21SwUSVzxDNPQ==
x-fb-trip-id: 664085054
x-fb-content-md5: f8b1da4a04fb167f0dbabc6598aba23f
x-frame-options: DENY
date: Tue, 12 May 2020 11:48:07 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 May 2020 11:54:22 GMT

GET
H2 200 x5afb15034ccc33d4750897090b47a57e-120x120.jpg.pagespeed.ic.lYnFl7rPZc.webp
cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/ 4 KB
4 KB 32ms
26ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/x5afb15034ccc33d4750897090b47a57e-120x120.jpg.pagespeed.ic.lYnFl7rPZc.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

e8163e2425b1a97490bcef6b92722f8e59cf0a3c41cc0e6bde1d6c9cbf35b005

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 22165
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:40:59 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/5afb15034ccc33d4750897090b47a57e-120x120.jpg>; rel="canonical"
content-length: 3860
expires: Wed, 12 May 2021 06:40:59 GMT

GET
H2 200 xbcc450b81865a427047ecec5f9e07c42-120x120.jpg.pagespeed.ic.S1bHC6n4xp.webp
cybsploit.com/content/posts/how-to-generate-a-payload-for-metasploit/images/ 2 KB
2 KB 33ms
27ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/how-to-generate-a-payload-for-metasploit/images/xbcc450b81865a427047ecec5f9e07c42-120x120.jpg.pagespeed.ic.S1bHC6n4xp.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

93bf58f7bf9d9d3c18d21d06d3a5e29e6833f4d09889ed5cc723d1c6c6f4e815

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 10735
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:00 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/how-to-generate-a-payload-for-metasploit/images/bcc450b81865a427047ecec5f9e07c42-120x120.jpg>; rel="canonical"
content-length: 2066
expires: Wed, 12 May 2021 06:41:00 GMT

GET
H2 200 x2cb2bc094e383b81bc08ed6d1bfaeae5-120x120.jpg.pagespeed.ic.AKp9TrJVzr.webp
cybsploit.com/content/posts/getting-started-with-metasploit-for-ethical-hacking/images/ 2 KB
3 KB 32ms
26ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/getting-started-with-metasploit-for-ethical-hacking/images/x2cb2bc094e383b81bc08ed6d1bfaeae5-120x120.jpg.pagespeed.ic.AKp9TrJVzr.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

56151d44a86663c1d59d81efa11f2a993b6222010f680f22837cc3fa5ffa853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 10372
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:00 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/getting-started-with-metasploit-for-ethical-hacking/images/2cb2bc094e383b81bc08ed6d1bfaeae5-120x120.jpg>; rel="canonical"
content-length: 2544
expires: Wed, 12 May 2021 06:41:00 GMT

GET
H2 200 x8f927f9765083d67482a2632b6593671-120x120.jpg.pagespeed.ic.FT9HRVlnNX.webp
cybsploit.com/content/posts/evading-antivirus-with-encrypted-payloads-using-venom/images/ 5 KB
6 KB 31ms
25ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/evading-antivirus-with-encrypted-payloads-using-venom/images/x8f927f9765083d67482a2632b6593671-120x120.jpg.pagespeed.ic.FT9HRVlnNX.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

686915283c0bc582a76cef041da7a4773f83868679ebccce2ef41cb0b60415d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 20795
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:00 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/evading-antivirus-with-encrypted-payloads-using-venom/images/8f927f9765083d67482a2632b6593671-120x120.jpg>; rel="canonical"
content-length: 5338
expires: Wed, 12 May 2021 06:41:00 GMT

GET
H2 200 xf1329158619e5cc13f0572910fdbcc47-1920x1080.jpg.pagespeed.ic._aA2e_HuNo.webp
cybsploit.com/content/posts/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer/images/ 51 KB
51 KB 28ms
23ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer/images/xf1329158619e5cc13f0572910fdbcc47-1920x1080.jpg.pagespeed.ic._aA2e_HuNo.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

3e2c05ff9dafbf47c6c4a59491cd1371d9cdc287b83c180b76695da6e47db1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 124281
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:21:02 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer/images/f1329158619e5cc13f0572910fdbcc47-1920x1080.jpg>; rel="canonical"
content-length: 51946
expires: Wed, 12 May 2021 11:21:02 GMT

GET
H2 200 xthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-1.png.pagespeed.ic.8SYRfBpP8f.webp
cybsploit.com/uploads/posts/2019/11/ 36 KB
36 KB 29ms
24ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/uploads/posts/2019/11/xthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-1.png.pagespeed.ic.8SYRfBpP8f.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

b488757dc9686c43718fb64aa22f830fb0cc56f5981f3011d5b07a05c3bf40fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 85030
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:21:02 GMT
accept-ranges: bytes
link: <https://cybsploit.com/uploads/posts/2019/11/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-1.png>; rel="canonical"
content-length: 36904
expires: Wed, 12 May 2021 11:21:02 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 33ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40E7) /
Resource Hash: f4eeb4ceea453fd7c1e54e6990325e6f6659219ba99debdf1d0fe69a14e6851d

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Apr 2020 21:45:57 GMT
Server: ECS (fcn/40E7)
Age: 1063
Etag: "1f8f0f4b5562e951d241e51fb1f76e2e+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 29152

GET
H2 200 x3836a6f61f6c003639f337ba21617413-170x170.png.pagespeed.ic.zeFZlEyYcM.webp
cybsploit.com/uploads/users/avatars/ 11 KB
12 KB 29ms
24ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/uploads/users/avatars/x3836a6f61f6c003639f337ba21617413-170x170.png.pagespeed.ic.zeFZlEyYcM.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

d6dc5e69198d4492f6b9fe751e5298fa08f2e81b10d0f2d442f4d946e4cb5d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 26424
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:01 GMT
accept-ranges: bytes
link: <https://cybsploit.com/uploads/users/avatars/3836a6f61f6c003639f337ba21617413-170x170.png>; rel="canonical"
content-length: 11520
expires: Wed, 12 May 2021 06:41:01 GMT

GET
H2 200 x8204ffd4d6c269bdd50fc27dfad0ae49-88x88.jpg.pagespeed.ic.ehE4NCDQto.webp
cybsploit.com/content/posts/nemty-ransomware-expands-its-reach-and-delivering-method/images/ 3 KB
3 KB 32ms
27ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/nemty-ransomware-expands-its-reach-and-delivering-method/images/x8204ffd4d6c269bdd50fc27dfad0ae49-88x88.jpg.pagespeed.ic.ehE4NCDQto.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

7bfbec3939d6a5c1773c3f067f6074bf1d163dccf0bb02088bfd28f4d503c62b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 13804
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:21:02 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/nemty-ransomware-expands-its-reach-and-delivering-method/images/8204ffd4d6c269bdd50fc27dfad0ae49-88x88.jpg>; rel="canonical"
content-length: 2852
expires: Wed, 12 May 2021 11:21:02 GMT

GET
H2 200 x9a5efd4a0f62a20a7fc19f47f62543ba-88x88.jpg.pagespeed.ic.NWElcft6kV.webp
cybsploit.com/content/posts/megacortex-ransomware-is-now-able-to-change-windows-password/images/ 2 KB
2 KB 32ms
28ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/megacortex-ransomware-is-now-able-to-change-windows-password/images/x9a5efd4a0f62a20a7fc19f47f62543ba-88x88.jpg.pagespeed.ic.NWElcft6kV.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

369006ed0e7c32eb2062c7d5b2c66dcac6624596a9e6393cff52a419ba0a4338

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 10022
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:21:02 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/megacortex-ransomware-is-now-able-to-change-windows-password/images/9a5efd4a0f62a20a7fc19f47f62543ba-88x88.jpg>; rel="canonical"
content-length: 1762
expires: Wed, 12 May 2021 11:21:02 GMT

GET
H2 200 x04ada2d85a9a455342bf0c3ae8b21bb4-120x120.jpg.pagespeed.ic.miq-WViraW.webp
cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/ 4 KB
4 KB 34ms
30ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/x04ada2d85a9a455342bf0c3ae8b21bb4-120x120.jpg.pagespeed.ic.miq-WViraW.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

7f3341f941894981ec7ea69a0e4695087d216ee7dc61db05ee620f93c06bce55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 21294
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:00 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/04ada2d85a9a455342bf0c3ae8b21bb4-120x120.jpg>; rel="canonical"
content-length: 3748
expires: Wed, 12 May 2021 06:41:00 GMT

GET
H2 200 x5b3f4caef7294c7e9ec6bf45d0ad8e87-580x360.jpg.pagespeed.ic.c7bUCjGypv.webp
cybsploit.com/content/posts/two-zero-day-flaws-in-ios-mail-threaten-billions-of-iphone-and-ipad/images/ 9 KB
9 KB 36ms
31ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/two-zero-day-flaws-in-ios-mail-threaten-billions-of-iphone-and-ipad/images/x5b3f4caef7294c7e9ec6bf45d0ad8e87-580x360.jpg.pagespeed.ic.c7bUCjGypv.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

db81b788135822333f93497d791e5fcd425b8b8ab4941ba7cba184faaafd76b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 30225
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:39:49 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/two-zero-day-flaws-in-ios-mail-threaten-billions-of-iphone-and-ipad/images/5b3f4caef7294c7e9ec6bf45d0ad8e87-580x360.jpg>; rel="canonical"
content-length: 8736
expires: Wed, 12 May 2021 06:39:49 GMT

GET
H2 200 x623ac474742279d6cfde9048c4166abd-580x360.jpg.pagespeed.ic.DP5xZHDPlD.webp
cybsploit.com/content/posts/security-breach-exposed-clearview-ai-source-code-and-app-data/images/ 43 KB
43 KB 38ms
34ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/security-breach-exposed-clearview-ai-source-code-and-app-data/images/x623ac474742279d6cfde9048c4166abd-580x360.jpg.pagespeed.ic.DP5xZHDPlD.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

b6b18251edb3fed5cdd7514033b8dee9e7e4b12d343a91ac3616221472e52b45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 112123
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/security-breach-exposed-clearview-ai-source-code-and-app-data/images/623ac474742279d6cfde9048c4166abd-580x360.jpg>; rel="canonical"
content-length: 43616
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 x98d40f6548423815df35daab2925d365-580x360.jpg.pagespeed.ic.qj0WwBvvCe.webp
cybsploit.com/content/posts/google-blocks-18-million-covid-19-scams-on-gmail-every-day/images/ 20 KB
20 KB 35ms
31ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/google-blocks-18-million-covid-19-scams-on-gmail-every-day/images/x98d40f6548423815df35daab2925d365-580x360.jpg.pagespeed.ic.qj0WwBvvCe.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

eda8242b067cad6b849e219bf2368ee89eee4d24642dd41a4ba118cab1e9c081

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 58984
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/google-blocks-18-million-covid-19-scams-on-gmail-every-day/images/98d40f6548423815df35daab2925d365-580x360.jpg>; rel="canonical"
content-length: 20438
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 x21301488d1528d66211d9f24a88ba783-580x360.jpg.pagespeed.ic.BOamq4YYwX.webp
cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-3/images/ 9 KB
9 KB 34ms
30ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-3/images/x21301488d1528d66211d9f24a88ba783-580x360.jpg.pagespeed.ic.BOamq4YYwX.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

debc0a2860c393e0628edc66cb681afddd4dff2d8a3a603072535621974e580e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 43716
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-3/images/21301488d1528d66211d9f24a88ba783-580x360.jpg>; rel="canonical"
content-length: 9268
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 x5afb15034ccc33d4750897090b47a57e-580x360.jpg.pagespeed.ic.JhSpcOhJ9x.webp
cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/ 24 KB
25 KB 39ms
35ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/x5afb15034ccc33d4750897090b47a57e-580x360.jpg.pagespeed.ic.JhSpcOhJ9x.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

3cf310023688319b23eb595380cda249e62b4bef7fa8e612414138ee49b2f648

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 69751
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-2/images/5afb15034ccc33d4750897090b47a57e-580x360.jpg>; rel="canonical"
content-length: 24892
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 x12089bda5ec9cb38858eb2184ceaa179-580x360.jpg.pagespeed.ic.rX9HopHkak.webp
cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-1/images/ 14 KB
14 KB 39ms
36ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-1/images/x12089bda5ec9cb38858eb2184ceaa179-580x360.jpg.pagespeed.ic.rX9HopHkak.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

9dd98d340bb1150000d643887f8231d2bcbad2b8898334d320cbb0ec144ab82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 59543
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-1/images/12089bda5ec9cb38858eb2184ceaa179-580x360.jpg>; rel="canonical"
content-length: 14148
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 x04ada2d85a9a455342bf0c3ae8b21bb4-580x360.jpg.pagespeed.ic.aRp1vEFwAA.webp
cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/ 28 KB
28 KB 40ms
37ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/x04ada2d85a9a455342bf0c3ae8b21bb4-580x360.jpg.pagespeed.ic.aRp1vEFwAA.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

bcabba0133661c200f448407d3cf8a0535cb4cc9f1bdbe949d08c3e082c05500

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 77292
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 07:07:23 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/how-to-route-all-traffic-through-tor-network-on-arch-linux/images/04ada2d85a9a455342bf0c3ae8b21bb4-580x360.jpg>; rel="canonical"
content-length: 28268
expires: Wed, 12 May 2021 07:07:23 GMT

GET
H2 200 xa93ad8f286c0976dfed18991a2d409bd-580x360.jpg.pagespeed.ic.ZauaJnz1dE.webp
cybsploit.com/content/posts/how-to-install-metasploit-5-and-armitage-on-arch-linux/images/ 52 KB
53 KB 41ms
37ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/content/posts/how-to-install-metasploit-5-and-armitage-on-arch-linux/images/xa93ad8f286c0976dfed18991a2d409bd-580x360.jpg.pagespeed.ic.ZauaJnz1dE.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

6c8a45361ee8456adecdec46ff1e2276d4104cbbed25ae62a151b4cce9968138

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 124591
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/content/posts/how-to-install-metasploit-5-and-armitage-on-arch-linux/images/a93ad8f286c0976dfed18991a2d409bd-580x360.jpg>; rel="canonical"
content-length: 53700
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 xlogo-light.png.pagespeed.ic.ce5NqxQlNK.webp
cybsploit.com/uploads/logos/ 4 KB
5 KB 43ms
39ms Image
image/webp 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/uploads/logos/xlogo-light.png.pagespeed.ic.ce5NqxQlNK.webp

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

4ae38612f053d9ddd9251a569997237d7a04d1f378f4237e5bf9ebc56fc8feed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: W/"0"
x-original-content-length: 16927
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/webp
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 06:41:04 GMT
accept-ranges: bytes
link: <https://cybsploit.com/uploads/logos/logo-light.png>; rel="canonical"
content-length: 4564
expires: Wed, 12 May 2021 06:41:04 GMT

GET
H2 200 vendor.min.js.pagespeed.jm.m_VRjnTxbz.js Show response
cybsploit.com/themes/createx/assets/javascripts/ 370 KB
111 KB 22ms
21ms Script
application/javascript 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/javascripts/vendor.min.js.pagespeed.jm.m_VRjnTxbz.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

f5a4aef35f81e29a50cfe9e06e4829f653734189b282f0582b28d1a58dc35b74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
etag: W/"0"
x-original-content-length: 378712
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:44:42 GMT
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 113187
expires: Wed, 12 May 2021 11:44:42 GMT

GET
H2 200 theme.min.js.pagespeed.jm.qYp5r6qsVF.js Show response
cybsploit.com/themes/createx/assets/javascripts/ 10 KB
3 KB 35ms
35ms Script
application/javascript 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/javascripts/theme.min.js.pagespeed.jm.qYp5r6qsVF.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

bc36f789869d7779582f0a3a4df4df9ab974c4a007bca1f1cd6a8b699474f9b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
etag: W/"0"
x-original-content-length: 10089
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
last-modified: Tue, 12 May 2020 11:44:42 GMT
strict-transport-security: max-age=15768000; includeSubDomains
accept-ranges: bytes
content-length: 2844
expires: Wed, 12 May 2021 11:44:42 GMT

GET
H2 200 prism.min.js Show response
cybsploit.com/themes/createx/assets/javascripts/ 387 KB
144 KB 22ms
22ms Script
application/javascript 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/javascripts/prism.min.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

18dcaa7163c939c4435e057083e946c1845b8af50aad2f0cded62379d3339335

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-original-content-length: 396713
x-powered-by: PleskLin
status: 200
vary: Accept-Encoding
content-length: 146938
last-modified: Thu, 30 Apr 2020 16:13:10 GMT
server: nginx
etag: "60da9-5a4845749423b"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: application/javascript
cache-control: max-age=300, s-maxage=10
accept-ranges: bytes
expires: Tue, 12 May 2020 11:49:28 GMT

GET
H2 200 quantcast.min.js Show response
cybsploit.com/themes/createx/assets/javascripts/ 341 B
608 B 25ms
24ms Script
application/javascript 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/javascripts/quantcast.min.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

761830cc4fb692ce5a68394a544d139937c456937876ff41295da14572d0e8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-original-content-length: 341
x-powered-by: PleskLin
status: 200
vary: Accept-Encoding
content-length: 258
last-modified: Thu, 30 Apr 2020 16:13:06 GMT
server: nginx
etag: "155-5a4845704d719"
strict-transport-security: max-age=15768000; includeSubDomains
content-type: application/javascript
cache-control: max-age=300, s-maxage=10
accept-ranges: bytes
expires: Tue, 12 May 2020 11:49:28 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
2 KB 43ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5731a775af2d873525240253cc70e5bf97a2fb2cb22457597c14cf352ed946b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 May 2020 11:48:07 GMT
server: ESF
date: Tue, 12 May 2020 11:48:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 May 2020 11:48:07 GMT

GET
H2 200 native.js Show response
ntvsw.com/code/ 5 KB
2 KB 103ms
41ms Script
application/javascript 88.208.60.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ntvsw.com/code/native.js?h=waWQiOjEwMTE1MDYsInNpZCI6MTA0NzExMiwid2lkIjo4NjIwNywic3JjIjoyfQ==eyJ
Requested by: Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.208.60.53 Heemstede, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.3 /
Resource Hash: 2e25e9a9958458db0d4975d7e063ac9d52636adeab82e1c02754646dac7d6d2e

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
content-encoding: gzip
server: nginx/1.17.3
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://cybsploit.com
x-zone: eu4

GET
H2 200 feather.woff
cybsploit.com/themes/createx/assets/fonts/ 68 KB
68 KB 42ms
40ms Font
application/font-woff 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/fonts/feather.woff

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

6758d48c645ef6740d2d7d5c582a4d7aaa5c95f0edd78b8c31a412a356094f08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cybsploit.com/themes/createx/assets/styles/vendor.min.css+prism.min.css.pagespeed.cc.qSD-26et3o.css
Origin: https://cybsploit.com

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: "5eaaf90b-10ed0"
last-modified: Thu, 30 Apr 2020 16:12:59 GMT
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: application/font-woff
status: 200
cache-control: s-maxage=10
accept-ranges: bytes
content-length: 69328

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 20ms
8ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap
Origin: https://cybsploit.com

Response headers

date: Fri, 17 Apr 2020 00:29:51 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 2200696
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Sat, 17 Apr 2021 00:29:51 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 18ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap
Origin: https://cybsploit.com

Response headers

date: Fri, 10 Apr 2020 06:12:35 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 2784932
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Sat, 10 Apr 2021 06:12:35 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 18ms
7ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap
Origin: https://cybsploit.com

Response headers

date: Fri, 10 Apr 2020 08:39:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:44 GMT
server: sffe
age: 2776095
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Sat, 10 Apr 2021 08:39:52 GMT

GET
H2 200 socicon.woff
cybsploit.com/themes/createx/assets/fonts/ 27 KB
27 KB 39ms
39ms Font
application/font-woff 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/themes/createx/assets/fonts/socicon.woff

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

ba1f7e981899d762e928b8a6be41cde150b385d9716b8b3cc70e42c37bdc3e4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cybsploit.com/themes/createx/assets/styles/vendor.min.css+prism.min.css.pagespeed.cc.qSD-26et3o.css
Origin: https://cybsploit.com

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
etag: "5eaaf90d-6a18"
last-modified: Thu, 30 Apr 2020 16:13:01 GMT
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: application/font-woff
status: 200
cache-control: s-maxage=10
accept-ranges: bytes
content-length: 27160

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap
Origin: https://cybsploit.com

Response headers

date: Wed, 06 May 2020 00:50:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 557870
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Thu, 06 May 2021 00:50:17 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 530d3ff142436601d9213b61fde0a603ba45e5afa96634a3535ff82d2fccfc9d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2081b80a5867d4c17e40f726f380dd341d4352939b2105c94a47bcc4187893b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eaa481b3e8f1be07f0b9c90f7e9235c96c373a0a5b3a2411cc67da49ba282642

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 812 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da3aba02ff48e5da8eaf94919e03afdcb028c948c14e94eeceae93cde7925a9b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYb9lecyU.woff2
fonts.gstatic.com/s/robotocondensed/v18/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v18/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYb9lecyU.woff2

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87b60a7315307d1b3c3230eff607b52bbf3d56a452aa68eb5bf50ede73bc517b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700|Roboto:400,700|Roboto+Condensed:400,700&display=swap
Origin: https://cybsploit.com

Response headers

date: Fri, 10 Apr 2020 02:52:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:17 GMT
server: sffe
age: 2796913
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10996
x-xss-protection: 0
expires: Sat, 10 Apr 2021 02:52:54 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d5b92ef4eae7d97ceff3f2b82f8ee0102c7ca24e9c38de4d3413ec97c3eff94

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 3836a6f61f6c003639f337ba21617413.jpg
cybsploit.com/uploads/users/covers/ 48 KB
49 KB 22ms
22ms Image
image/jpeg 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybsploit.com/uploads/users/covers/3836a6f61f6c003639f337ba21617413.jpg

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

12b3de1bd4e15a47fd17eb8342d4420587b6e40cdfeeb97ad9fbc87d9236209f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 16:08:23 GMT
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains
content-type: image/jpeg
status: 200
cache-control: max-age=300, s-maxage=10
accept-ranges: bytes
content-length: 49474
etag: "c142-5a4844625b728"
expires: Tue, 12 May 2020 11:52:27 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c972f1d21c8fe8e9c079da22e482193d7389b1ae00d4e3ab13f89e1b862c033

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 970 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca81f106003c068d1677491149477d9b9845215eda925e0925119a2e1bc1b35a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 862 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 832b340072ad03c4a2b3de0136a7dcb11693532f5fb963898689b9e9924b98d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 395 KB
115 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=e1cd07341c41341e849fe845508e27ac&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2f7f9cd3ef91d6af619a95f1a58fab8961200333bea69bf5c652b99d7ef1ca26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Origin: https://cybsploit.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: hI1nWTUYCX9hvjt6mJuftQ==
status: 200
content-length: 117370
etag: "7a3797e3c85651bde0ea697b6690ef94"
x-fb-debug: s/tyVqNNxZMPKFKwuSpmBEepGLPgdjOQmRCTUCXPzrrs6pd4bWXaFCxmI2ItL3kctP1kslWMVsMnoxgeM73Iiw==
x-fb-trip-id: 664085054
x-fb-content-md5: 01bd50419fd934ed6b815babab32110b
x-frame-options: DENY
date: Tue, 12 May 2020 11:48:07 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Wed, 12 May 2021 11:34:23 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/ 10 KB
4 KB 31ms
16ms Script
application/javascript 2606:4700::6810:84e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.0/clipboard.min.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/themes/createx/assets/javascripts/prism.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 16697490
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 02aa4fc0dc00001752ec340200000001
served-in-seconds: 0.000
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:18:30 GMT
server: cloudflare
etag: W/"5afd48e6-29a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5923e8ae290f1752-FRA
expires: Sun, 02 May 2021 11:48:08 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 21 KB
8 KB 114ms
30ms Script
application/x-javascript 91.228.74.197
QUANTCAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/themes/createx/assets/javascripts/quantcast.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.197 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12-May-2020 11:48:08 GMT
Server: QS
Etag: M0-004a9efe
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Strict-Transport-Security: max-age=86400
Content-Length: 8025
Expires: Tue, 19 May 2020 11:48:08 GMT

GET
H/1.1 200
OK widget_iframe.c63890edc4243ee77048d507b181eeec.html
platform.twitter.com/widgets/ Frame E81A 0
0 7ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.c63890edc4243ee77048d507b181eeec.html?origin=https%3A%2F%2Fcybsploit.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41A7) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1260000
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 12 May 2020 11:48:08 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Mon, 27 Apr 2020 21:32:31 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41A7)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-163766979-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 3109
date: Tue, 12 May 2020 10:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Tue, 12 May 2020 12:56:19 GMT

GET
H/1.1 200
OK moment~timeline~tweet.99ce5e0e4617985354c5c426d7e1b9f4.js Show response
platform.twitter.com/js/ 24 KB
8 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.99ce5e0e4617985354c5c426d7e1b9f4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B6) /
Resource Hash: f13585ddb86f9ec0432f36eae40bcaabe3aad166eff8424b27082c2b8174a3a2

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Apr 2020 21:32:19 GMT
Server: ECS (fcn/40B6)
Age: 1260001
Etag: "e137faa829d69782b030b8ae591989d1+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7864

GET
H/1.1 200
OK tweet.9aa9eda3c163ec539c16aef0d822d807.js Show response
platform.twitter.com/js/ 16 KB
6 KB 13ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/tweet.9aa9eda3c163ec539c16aef0d822d807.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419E) /
Resource Hash: f42a719c42729853609255c0f4e029aa6ae44a9a9925743394343a8a0265a110

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Apr 2020 21:32:19 GMT
Server: ECS (fcn/419E)
Age: 1260001
Etag: "f87f962919a6220b09193a0007706785+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 5434

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
338 B 135ms
134ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1589284088146%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 110
pragma: no-cache
last-modified: Tue, 12 May 2020 11:48:08 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 529800f5931f82933070d8cd61b1341f
x-transaction: 00b536880081f7fc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 tweets.json Show response
cdn.syndication.twimg.com/ 9 KB
3 KB 181ms
160ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweets.json?callback=__twttr.callbacks.cb0&ids=1190730471321112577&lang=en&suppress_response_codes=true&theme=light&tz=GMT%2B0200

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

4b5d6cd755789bf335d9fd12bf33fe7154d25ea9994981fdd0f56cd2542dd174

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
content-length: 2281
x-xss-protection: 0
x-response-time: 135
last-modified: Tue, 12 May 2020 11:48:08 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
access-control-allow-methods: GET
content-type: application/javascript;charset=utf-8
expires: Tue, 12 May 2020 11:49:08 GMT
cache-control: must-revalidate, max-age=60
x-connection-hash: 2d53b19a461c4719724f528eaa5a32d1
timing-allow-origin: *
x-transaction: 001114e1005d8f12
access-contol-allow-origin: platform.twitter.com

GET
H2 200 rules-p-5fd1tXupHa9ZB.js Show response
rules.quantcount.com/ 3 B
356 B 377ms
364ms Script
application/x-javascript 2600:9000:2156:1200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-5fd1tXupHa9ZB.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:1200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:46:21 GMT
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 109
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: raEeqYIF1PO7kQgq5uk8Rt7XxJrNc8IZ7MEhEF_FTKA-WaBEMV2ejQ==

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
199 B 14ms
14ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=783993597&t=pageview&_s=1&dl=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&ul=en-us&de=UTF-8&dt=The%20Bluekeep%20Exploit%20is%20back%20and%20is%20used%20to%20install%20Cryptominer%20%7C%20CybSploit&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1934220339&gjid=923545814&cid=429002436.1589284088&tid=UA-163766979-1&_gid=1234073379.1589284088&_r=1&gtm=2ou4t0&z=487760123

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 May 2020 11:48:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/ 52 KB
12 KB 7ms
6ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41AE) /
Resource Hash: ca4627707c434a5db3dca160e8883c09864ddb7ab4b28af47dd302d47062fef6

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Apr 2020 21:32:15 GMT
Server: ECS (fcn/41AE)
Age: 1260001
Etag: "1668dde994ebdac8e42a2bdbba968e61+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 11585

GET
H/1.1 200
OK tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/ 52 KB
52 KB 9ms
9ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/tweet.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41AE) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 May 2020 11:48:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Apr 2020 21:32:15 GMT
Server: ECS (fcn/41AE)
Age: 1260001
Etag: "1668dde994ebdac8e42a2bdbba968e61+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 11585

GET
H2 200 pWd2o5Hz_normal.jpg
pbs.twimg.com/profile_images/1210830289041100800/ 2 KB
2 KB 27ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1210830289041100800/pWd2o5Hz_normal.jpg

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E3) /

Resource Hash

c2133035b7aaa4a0ee417bffd245dadb3d553795ab66f732d89134b368599bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:08 GMT
x-content-type-options: nosniff
age: 272346
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 121
surrogate-key: profile_images profile_images/bucket/2 profile_images/1210830289041100800
last-modified: Sat, 28 Dec 2019 07:48:11 GMT
server: ECS (fcn/40E3)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f24628644cf1a1dbc1972786f39be5be
accept-ranges: bytes

GET
H2 200 EIYOZRuXUAEIg1M
pbs.twimg.com/media/ 24 KB
24 KB 28ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EIYOZRuXUAEIg1M?format=jpg&name=small

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4195) /

Resource Hash

9b7c72b6adb58a4cf6b3faad030ccf716754bdafb1ee63d5f225b0f99fcfa4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 May 2020 11:48:08 GMT
x-content-type-options: nosniff
age: 19622
x-cache: HIT
status: 200
content-length: 24371
x-response-time: 232
surrogate-key: media media/bucket/2 media/1190654978903461889
last-modified: Sat, 02 Nov 2019 15:38:42 GMT
server: ECS (fcn/4195)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 310fbc1d59286a28f4aae9873141bb9e
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 600 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 323 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK pixel;r=1042631262;rf=0;a=p-5fd1tXupHa9ZB;url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09;fpan=1;...
pixel.quantserve.com/ 35 B
658 B 116ms
29ms Image
image/gif 91.228.74.253
QUANTCAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1042631262;rf=0;a=p-5fd1tXupHa9ZB;url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09;fpan=1;fpa=P0-19406279-1589284088533;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589284088533;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.The%20Bluekeep%20Exploit%20is%20back%20and%20is%20used%20to%20install%20Cryptominer%2Cdescription.Recently%20one%20Cyber-Security%20researcher%20discovered%20that%20the%20vulnerability%20BlueKee%2Curl.https%3A%2F%2Fcybsploit%252Ecom%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-ins%2Csite_name.CybSploit%2Cupdated_time.2019-11-06T00%3A59%3A59%2B00%3A00%2Cimage.https%3A%2F%2Fcybsploit%252Ecom%2Fcontent%2Fposts%2Fthe-bluekeep-exploit-is-back-and-is-used-to-%2Cimage%3Asecure_url.https%3A%2F%2Fcybsploit%252Ecom%2Fcontent%2Fposts%2Fthe-bluekeep-exploit-is-back-and-is-used-to-%2Cimage%3Awidth.1920%2Cimage%3Aheight.1080

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.253 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 May 2020 11:48:08 GMT
Server: QS
Strict-Transport-Security: max-age=86400
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

feedback.php
www.facebook.com/plugins/ Frame E651
Redirect Chain

https://www.facebook.com/v5.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26ori...
https://www.facebook.com/plugins/comments.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3D...
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3D...

0
0

65ms
65ms

Document
text/html

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e1cd07341c41341e849fe845508e27ac&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: about:blank

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: /9xfHe+b7G+LCMY+P8h1qPCWUjRweImjCgKRbxYZqQ2qR0y4e19P6nMZ9pRSPLP9IsNHRPB6vpFojD2cAajA7w==
date: Tue, 12 May 2020 11:48:08 GMT

Redirect headers

status: 302
location: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df3fc8bfadd37e7%26domain%3Dcybsploit.com%26origin%3Dhttps%253A%252F%252Fcybsploit.com%252Ff1a3b76e8eb15f8%26relation%3Dparent.parent&container_width=838&height=100&href=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09&locale=en_US&numposts=5&sdk=joey&version=v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: UBLvluP11/QbuO0D9OxSojaqrWsQda8aiogVEruuWJNkrMhV+Pt9LPTowX1nzzA28+PLtxdbrY0cJZpKbOcqfw==
content-length: 0
date: Tue, 12 May 2020 11:48:08 GMT

POST
H2 204 mod_pagespeed_beacon Show response
cybsploit.com/ 0
130 B 22ms
22ms XHR
text/plain 2001:41d0:303:878a::
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cybsploit.com/mod_pagespeed_beacon?url=https%3A%2F%2Fcybsploit.com%2F2019%2F11%2F06%2Fthe-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Requested by

Host: cybsploit.com
URL: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2001:41d0:303:878a:: , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://cybsploit.com/2019/11/06/the-bluekeep-exploit-is-back-and-is-used-to-install-cryptominer-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 204
date: Tue, 12 May 2020 11:48:08 GMT
cache-control: max-age=0, no-cache
server: nginx
x-powered-by: PleskLin
strict-transport-security: max-age=15768000; includeSubDomains

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame EEDA
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

12ms
7ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D1) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://cybsploit.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1260001
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 12 May 2020 11:48:08 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Mon, 27 Apr 2020 21:45:55 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D1)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Tue, 12 May 2020 11:48:08 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Tue, 12 May 2020 11:48:08 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 529800f5931f82933070d8cd61b1341f
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 118
x-transaction: 001625b700ae0d79
x-tsa-request-body-time: 1
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cybsploit.com/	1970-01-19 18:52:32	Name: __qca Value: P0-19406279-1589284088533
.cybsploit.com/	1970-01-19 09:28:04	Name: _gat_gtag_UA_163766979_1 Value: 1
.cybsploit.com/	1970-01-19 09:29:30	Name: _gid Value: GA1.2.1234073379.1589284088
.cybsploit.com/	1970-01-20 02:59:16	Name: _ga Value: GA1.2.429002436.1589284088

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.syndication.twimg.com
cdnjs.cloudflare.com
connect.facebook.net
cybsploit.com
fonts.googleapis.com
fonts.gstatic.com
ntvsw.com
pbs.twimg.com
pixel.quantserve.com
platform.twitter.com
rules.quantcount.com
secure.quantserve.com
syndication.twitter.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
104.244.42.8
2001:41d0:303:878a::
2600:9000:2156:1200:6:44e3:f8c0:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:84e5
2a00:1450:4001:800::2008
2a00:1450:4001:80b::200a
2a00:1450:4001:81d::200e
2a00:1450:4001:820::2003
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
88.208.60.53
91.228.74.197
91.228.74.253
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
12b3de1bd4e15a47fd17eb8342d4420587b6e40cdfeeb97ad9fbc87d9236209f
18dcaa7163c939c4435e057083e946c1845b8af50aad2f0cded62379d3339335
2081b80a5867d4c17e40f726f380dd341d4352939b2105c94a47bcc4187893b8
2e25e9a9958458db0d4975d7e063ac9d52636adeab82e1c02754646dac7d6d2e
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
2f7f9cd3ef91d6af619a95f1a58fab8961200333bea69bf5c652b99d7ef1ca26
369006ed0e7c32eb2062c7d5b2c66dcac6624596a9e6393cff52a419ba0a4338
3cf310023688319b23eb595380cda249e62b4bef7fa8e612414138ee49b2f648
3e2c05ff9dafbf47c6c4a59491cd1371d9cdc287b83c180b76695da6e47db1e4
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0
49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028
4ae38612f053d9ddd9251a569997237d7a04d1f378f4237e5bf9ebc56fc8feed
4b5d6cd755789bf335d9fd12bf33fe7154d25ea9994981fdd0f56cd2542dd174
530d3ff142436601d9213b61fde0a603ba45e5afa96634a3535ff82d2fccfc9d
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
56151d44a86663c1d59d81efa11f2a993b6222010f680f22837cc3fa5ffa853f
5731a775af2d873525240253cc70e5bf97a2fb2cb22457597c14cf352ed946b9
5b8e70ffdb90d68343c43bb6b46ea84912f4ccb6362d040fd1cc77fd51820022
673aea29ce8d0ef37974f05dc6b5ab1d2e9b4e3923ab0de6d5c1c28b3d8fd171
6758d48c645ef6740d2d7d5c582a4d7aaa5c95f0edd78b8c31a412a356094f08
686915283c0bc582a76cef041da7a4773f83868679ebccce2ef41cb0b60415d7
6c8a45361ee8456adecdec46ff1e2276d4104cbbed25ae62a151b4cce9968138
6c972f1d21c8fe8e9c079da22e482193d7389b1ae00d4e3ab13f89e1b862c033
6d79cc618e583071ee74b711fb6682d4d3e29cf3d5b28ad7f3e03a8f194d925d
72e09cf55b5a0071388cc2314f7087aed2d00456317b289bff8a9eac943c68ac
761830cc4fb692ce5a68394a544d139937c456937876ff41295da14572d0e8e7
7bfbec3939d6a5c1773c3f067f6074bf1d163dccf0bb02088bfd28f4d503c62b
7f3341f941894981ec7ea69a0e4695087d216ee7dc61db05ee620f93c06bce55
832b340072ad03c4a2b3de0136a7dcb11693532f5fb963898689b9e9924b98d2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87b60a7315307d1b3c3230eff607b52bbf3d56a452aa68eb5bf50ede73bc517b
8d5b92ef4eae7d97ceff3f2b82f8ee0102c7ca24e9c38de4d3413ec97c3eff94
8edf291b0661748f31bb89e65698e83823e25dd30662044d102aa6cb8e689331
93bf58f7bf9d9d3c18d21d06d3a5e29e6833f4d09889ed5cc723d1c6c6f4e815
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424
9b7c72b6adb58a4cf6b3faad030ccf716754bdafb1ee63d5f225b0f99fcfa4d4
9dd98d340bb1150000d643887f8231d2bcbad2b8898334d320cbb0ec144ab82f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b488757dc9686c43718fb64aa22f830fb0cc56f5981f3011d5b07a05c3bf40fe
b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0
b6b18251edb3fed5cdd7514033b8dee9e7e4b12d343a91ac3616221472e52b45
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
ba1f7e981899d762e928b8a6be41cde150b385d9716b8b3cc70e42c37bdc3e4c
bc36f789869d7779582f0a3a4df4df9ab974c4a007bca1f1cd6a8b699474f9b9
bcabba0133661c200f448407d3cf8a0535cb4cc9f1bdbe949d08c3e082c05500
be1c59f9c49bdd1d0d7c696bd64f6198776b41c99d3ec5a088bfcd553266c405
c2133035b7aaa4a0ee417bffd245dadb3d553795ab66f732d89134b368599bdc
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0
c90d5643bfa07b83d7fd12dc55fb9b7a32ae8131e7b048c0dc149f0e81e2f358
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca4627707c434a5db3dca160e8883c09864ddb7ab4b28af47dd302d47062fef6
ca81f106003c068d1677491149477d9b9845215eda925e0925119a2e1bc1b35a
d6dc5e69198d4492f6b9fe751e5298fa08f2e81b10d0f2d442f4d946e4cb5d2f
da3aba02ff48e5da8eaf94919e03afdcb028c948c14e94eeceae93cde7925a9b
db81b788135822333f93497d791e5fcd425b8b8ab4941ba7cba184faaafd76b2
debc0a2860c393e0628edc66cb681afddd4dff2d8a3a603072535621974e580e
ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8163e2425b1a97490bcef6b92722f8e59cf0a3c41cc0e6bde1d6c9cbf35b005
eaa481b3e8f1be07f0b9c90f7e9235c96c373a0a5b3a2411cc67da49ba282642
eda8242b067cad6b849e219bf2368ee89eee4d24642dd41a4ba118cab1e9c081
f13585ddb86f9ec0432f36eae40bcaabe3aad166eff8424b27082c2b8174a3a2
f42a719c42729853609255c0f4e029aa6ae44a9a9925743394343a8a0265a110
f4eeb4ceea453fd7c1e54e6990325e6f6659219ba99debdf1d0fe69a14e6851d
f5a4aef35f81e29a50cfe9e06e4829f653734189b282f0582b28d1a58dc35b74

cybsploit.com Open in urlscan Pro 2001:41d0:303:878a:: Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

60 Requests

100 %HTTPS

75 %IPv6

13 Domains

16 Subdomains

17 IPs

6 Countries

1205 kBTransfer

2705 kBSize

4 Cookies

14 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cybsploit.com Open in urlscan Pro
2001:41d0:303:878a:: Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

100 %
HTTPS

75 %
IPv6

13
Domains

16
Subdomains

17
IPs

6
Countries

1205 kB
Transfer

2705 kB
Size

4
Cookies

60 HTTP transactions
14 data transactions