dfir.science Open in urlscan Pro
2606:4700:3037::6815:59ab Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Submission: On July 27 via manual (July 27th 2022, 7:25:26 pm UTC) from US — Scanned from DE

Summary HTTP 39 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 39 HTTP transactions. The main IP is 2606:4700:3037::6815:59ab, located in United States and belongs to CLOUDFLARENET, US. The main domain is dfir.science.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 6th 2022. Valid for: a year.

This is the only time dfir.science was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:303... 2606:4700:3037::6815:59ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
3	51.38.185.25 51.38.185.25	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
1	96.16.131.108 96.16.131.108	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
7	13.32.121.28 13.32.121.28	16509 (AMAZON-02) (AMAZON-02)
1	96.16.159.175 96.16.159.175	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
39	11

13 2606:4700:3037::6815:59ab (United States)

ASN13335 (CLOUDFLARENET, US)

dfir.science	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.38.185.25 (France)

ASN16276 (OVH, FR)
PTR: vps-06119eaf.vps.ovh.net

microanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.131.108 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-131-108.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.32.121.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-28.fra60.r.cloudfront.net

downloads.mailchimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.159.175 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-159-175.deploy.static.akamaitechnologies.com

mc.us5.list-manage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	dfir.science dfir.science	1 MB
7	mailchimp.com downloads.mailchimp.com — Cisco Umbrella Rank: 11276	156 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 668 syndication.twitter.com — Cisco Umbrella Rank: 871	150 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 424	178 KB
3	microanalytics.io microanalytics.io — Cisco Umbrella Rank: 911441	1 KB
2	gstatic.com fonts.gstatic.com	29 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 72	2 KB
1	list-manage.com mc.us5.list-manage.com — Cisco Umbrella Rank: 100024	2 KB
1	chimpstatic.com chimpstatic.com — Cisco Umbrella Rank: 4865	2 KB
39	9

	Domain	Requested by
13	dfir.science	dfir.science
7	downloads.mailchimp.com	chimpstatic.com downloads.mailchimp.com
4	platform.twitter.com	dfir.science platform.twitter.com
4	cdn.jsdelivr.net	dfir.science cdn.jsdelivr.net
3	microanalytics.io	dfir.science microanalytics.io
2	syndication.twitter.com	platform.twitter.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	dfir.science
1	mc.us5.list-manage.com	downloads.mailchimp.com
1	chimpstatic.com	dfir.science
39	10

This site contains links to these domains. Also see Links.

Domain
www.patreon.com
learn.dfir.science
unsplash.com
eepurl.com
www.youtube.com
twitter.com
github.com
linkedin.com
reddit.com
us5.list-manage.com
forms.gle
cellebrite.com
thebinaryhick.blog
www.mediafire.com
www.facebook.com
www.linkedin.com
infosec.exchange
instagram.com
jekyllrb.com
mademistakes.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-21` - `2023-04-22`	a year	crt.sh
microanalytics.io R3	`2022-06-15` - `2022-09-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
wildcardsan.us15.list-manage.com DigiCert SHA2 Secure Server CA	`2021-11-19` - `2022-11-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
downloads.mailchimp.com Amazon	`2022-07-06` - `2023-08-03`	a year	crt.sh
wildcardsan.list-manage.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-27` - `2023-06-29`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Frame ID: FD42D70E2CEDA6C8BA88C4D0D160EEF8
Requests: 31 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fdfir.science
Frame ID: D1B1C043F46FCF7791089F64F2F45632
Requests: 2 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/common.css
Frame ID: 3006138535FB58F0E4CCB349AE5CEADA
Requests: 2 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/common.css
Frame ID: 245ED3FEA4BC4295BCE8B291824DFAEC
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.en.html
Frame ID: F36302CB841743EB014DB878AFE5C59A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to extract files from Cellebrite Reader UFDR for ALEAPP or iLEAPP - DFIRScience

Detected technologies

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

chimpstatic\.com/mcjs-connected

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

39
Requests

100 %
HTTPS

50 %
IPv6

9
Domains

10
Subdomains

11
IPs

3
Countries

1916 kB
Transfer

2676 kB
Size

3
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://www.patreon.com/bePatron?u=16239620

Search URL Search Domain Scan URL

URL: https://learn.dfir.science/
Title: Courses

Search URL Search Domain Scan URL

URL: https://unsplash.com/@rami_alzayat?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
Title: Rami Al-zayat

Search URL Search Domain Scan URL

URL: https://unsplash.com/s/photos/fast?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
Title: Unsplash

Search URL Search Domain Scan URL

URL: http://eepurl.com/hG9inj
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/DFIRScience?sub_confirmation=1
Title: Youtube

Search URL Search Domain Scan URL

URL: https://twitter.com/DFIRScience
Title: Twitter

Search URL Search Domain Scan URL

URL: https://github.com/DFIRScience
Title: GitHub

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/dfirscience
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://reddit.com/u/dfirscience
Title: Reddit

Search URL Search Domain Scan URL

URL: https://us5.list-manage.com/contact-form?u=3664f5bc2c4350bc7454f233d&form_id=42749486e45c8394701634ff776be7b8
Title: Email

Search URL Search Domain Scan URL

URL: https://www.patreon.com/dfirscience
Title: Support

Search URL Search Domain Scan URL

URL: https://forms.gle/nRDGNP2qeEVPPyPj6
Title: VOTE DFIR ScienceShow of the Year

Search URL Search Domain Scan URL

URL: https://cellebrite.com/en/learn-more-about-ufd-vs-ufdx-extraction-outputs/
Title: UFDX

Search URL Search Domain Scan URL

URL: https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/
Title: Josh Hickman Android 12 image

Search URL Search Domain Scan URL

URL: https://www.mediafire.com/file/4s19ubpptbukd6b/Android_12_Cellebrite_Reader.zip/file
Title: Here

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?via=DFIRScience&text=How+to+extract+files+from+Cellebrite+Reader+UFDR+for+ALEAPP+or+iLEAPP%20https%3A%2F%2Fdfir.science%2F2022%2F02%2FHow-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fdfir.science%2F2022%2F02%2FHow-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fdfir.science%2F2022%2F02%2FHow-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@DFIRScience
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DFIRScience
Title: Facebook

Search URL Search Domain Scan URL

URL: https://instagram.com/DFIRScience
Title: Instagram

Search URL Search Domain Scan URL

URL: https://jekyllrb.com/
Title: Jekyll

Search URL Search Domain Scan URL

URL: https://mademistakes.com/work/minimal-mistakes-jekyll-theme/
Title: Minimal Mistakes

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP Show response
dfir.science/2022/02/ 26 KB
8 KB 505ms
393ms Document
text/html 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6e0ec9891fff60f39f603403f1a5a5f9411618af0c02fd3edadddfa177ec15e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 7317c2ab38d459c5-MXP
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=utf-8
date: Wed, 27 Jul 2022 19:25:20 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Wed, 27 Jul 2022 19:31:49 GMT
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'
last-modified: Sun, 24 Jul 2022 21:37:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ANWCeoN0E9ORCeTgdI43jttmFGgu9Re8WjHZHE1LQeSpMzcla%2FiN9i3svHSK4OfSrbJNQ5EhZO12kR20tFIIfbQO4UogNZC7rIItxC2VC7Z6QbEnpUVSMzW2pl5lkbl2ir70Fbu%2B2arxQRY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-github-request-id: 615A:6B9C:1E8194:3134FE:62E19120
x-proxy-cache: HIT
x-xss-protection: 1; mode=block

GET
H2 200 main.css
dfir.science/assets/css/ 62 KB
14 KB 399ms
398ms Stylesheet
text/css 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/css/main.css

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2517951614051871e877d1b291a3b744316e2361c6682609f7615e8a316fa3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=63642
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 24 Jul 2022 21:37:07 GMT
server: cloudflare
x-github-request-id: C484:7578:18B380:3F5CE6:62DDC1C8
etag: W/"62ddbb83-f89a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNfQ29YCJTEORz84txnUpn5jdhkW77X719gBaeR0%2BWJIBPMabMMHysmFast1MdZFEg51NCXxmLtEPrbRpQ9c2IbBlntGiRxqpTTWFNkDW27Td%2FHSwMv%2BAWbxoEmMkaH4ZqQ%2BbKVJV9MAvJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 7317c2adccc759c5-MXP
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 19:31:50 GMT

GET
H2 200 all.min.css
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/ 58 KB
13 KB 90ms
26ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 27477
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 12857
etag: W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw"
x-served-by: cache-fra19151-FRA, cache-mxp6940-MXP
x-jsd-version-type: version
date: Wed, 27 Jul 2022 19:25:20 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK script.js Show response
microanalytics.io/js/ 728 B
855 B 141ms
41ms Script
application/javascript 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/js/script.js
Requested by: Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash: ffb51ec7ccf32269bf96792be2a3b1bbae4a4abda0965983f1a3944ff48750d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 19:25:21 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Jun 2022 09:16:10 GMT
Server: nginx
ETag: W/"6299d15a-2d8"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=604800
wikivps_com: HIT from backend
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Wed, 03 Aug 2022 19:25:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 71ms
25ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52d19d23087cab4754d99e1b93eef0c81607dbe0e235928d00d0ec3e89fac2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 17:54:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 27 Jul 2022 19:25:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Jul 2022 19:25:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
643 B 79ms
33ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4401aeae8ced32f3503b820eda4fb6bec9cc703ef9a1a42a817fae255f34e716

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 19:24:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 27 Jul 2022 19:25:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Jul 2022 19:25:20 GMT

GET
H3 200 dfir_circuits_corner.png
dfir.science/assets/images/logos/ 100 KB
101 KB 354ms
352ms Image
image/png 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_circuits_corner.png

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8988d67ee7f22fa5e226abb2f8c6da90c5ca00ed17c0e3d2a29fc66e0ccc55d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 102281
expires: Wed, 27 Jul 2022 19:35:21 GMT
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: B36C:7204:F94DC:198152:62E0FBA1
etag: "62ddbb5e-18f89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkgMNgT58e6WWdVJtyhkFr9Wdf00ClCZU3q7VgY9kPux9M8S%2BeU5TMDA6Qa%2B4tZPM62AI6pjBYXNkFoN19I9X3jZaF59fRbpZbpAlSw0dxFvoCG%2F0fk65OFeAZQpXN3S7cfyBLGwzM7APBc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7317c2b02dcdbb06-MXP
x-proxy-cache: MISS

GET
H3 200 dfir_logo_horz_light.png
dfir.science/assets/images/logos/ 67 KB
68 KB 418ms
416ms Image
image/png 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_logo_horz_light.png

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b6eabf151d0d507b6b326036c3df1b64b3aa6eb925e351f95038a310fd09a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 68732
expires: Wed, 27 Jul 2022 19:35:21 GMT
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: 4430:1CF3:7AA03:10F54B:62E0FBA0
etag: "62ddbb5e-10c7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Iv0KYPV5lGbKVtc%2BYYzbyzvEFx0wENJVXKCxrQGSsWVurUnmlVmu%2F6tYLu2GvJoI0%2FEziSxxKlrydVGQeVeEz%2FlQR2XOokgl2HELm6HR5FiLbi8QuWGhm2EtpgYasJrSqGv4GICeynEDOc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7317c2b02dcfbb06-MXP
x-proxy-cache: MISS

GET
H3 200 becomepatron.png
dfir.science/assets/images/ 10 KB
11 KB 381ms
379ms Image
image/png 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/becomepatron.png

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91a3e46bd2f13459f49e0725554fa7908e36ac219655c4926b8501e9779c05a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7317c2b02dd0bb06-MXP
vary: Accept-Encoding
content-length: 10193
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: E9A2:79B0:5BBA5:ECEC9:62E0FBA1
etag: "62ddbb5e-27d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HOkKIpbGvqd8epqMT%2Bapy9cHqYNl0T4jUviUjiicBI%2Bqhj7FhLZFBrh8McPbu0iV5B0zt44RKhBJXpn6hOLqvS4pT0fP0JfQ%2F2XaZqL0dobHvhJDda2molUqZs9OYaUjzEqiM4%2BXZ1n3pXE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 27 Jul 2022 19:33:36 GMT
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS

GET
H3 200 android.jpg
dfir.science/assets/images/posts/headers/ 627 KB
628 KB 555ms
554ms Image
image/jpeg 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/posts/headers/android.jpg

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9b874f2a7cfbec9c219e54cec8749fa371b98aeb6b9e96de3bb2219f77a96a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 641869
expires: Wed, 27 Jul 2022 19:35:21 GMT
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: 7D9A:15ED:1C26CB:2EC4F2:62E19121
etag: "62ddbb5e-9cb4d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jv1lKd2QibNZzY3REqGgccvYHIsisORzDILSEj1kSyAsaHOXs%2Fc4jaogN6mJzcADXFOYVsuiwaodl4hS6Qk4U6nDDEKSS5En3XsOzBYfcq97fp5bCNRFjy48WkNbbIVJKqBvbhA8IXlxwlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7317c2b02dd2bb06-MXP
x-proxy-cache: MISS

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 175ms
42ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: ccaf59e06eb4f607fdedb30b166d8ab31ae2f92eaf4a2f998504204f1a2bf526

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 19:25:21 GMT
Content-Encoding: gzip
Age: 752
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 29212
x-tw-cdn: VZ
Last-Modified: Tue, 19 Jul 2022 20:07:06 GMT
Server: ECS (amb/6B75)
Etag: "3b16e031477759af620cd0de990c6783+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3 200 dfir_squaregrid_slate.png
dfir.science/assets/images/logos/ 320 KB
321 KB 441ms
440ms Image
image/png 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_squaregrid_slate.png

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

934db3add01aa8157a04f0447270d1903e92a02c41bf592c054c7c384b1f505c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 327656
expires: Wed, 27 Jul 2022 19:35:21 GMT
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: FD94:72A4:5F45F:F1274:62E0FBA2
etag: "62ddbb5e-4ffe8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISQ9g%2FmlcjK7BNSl3qqQMJud2TpeZ8SIcOVQlUhOspt6NgYk1xrfRhNIPu%2BPRvyTfDfn3xSCTl%2BZ9NJHLzIwRDKPRPYq6ak9FFteTNLvz2TwVALj430dNXdg3NcpKODFjA6EtBSYXJ%2FfmkU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7317c2b02dd4bb06-MXP
x-proxy-cache: MISS

GET
H3 200 dfir_circuits_corner_navy.png
dfir.science/assets/images/logos/ 101 KB
101 KB 481ms
480ms Image
image/png 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/assets/images/logos/dfir_circuits_corner_navy.png

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dea590e7a344ea7b1d9affe6f8b6fcee69778f1aa5e6b4a4a4339b068bd8e6e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7317c2b02dd5bb06-MXP
vary: Accept-Encoding
content-length: 103143
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: 4590:4573:E9A08:18A3DE:62E0FBA2
etag: "62ddbb5e-192e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3b2Vi7d8%2Fl6hCaszTlxyUojKeuWhqV9d6994ILTjG%2BhE%2FPk2pNgouZ394WTdpbjIRFr7nzmv2a%2Fte3uRs4g%2BGvazTKGucXMb9L1MbGxKEx%2BChvylUF80p8Nr8PPZn0FUVVHb8QAqv6ZRhUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 27 Jul 2022 19:35:21 GMT
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS

GET
H3 200 main.min.js Show response
dfir.science/assets/js/ 120 KB
44 KB 383ms
383ms Script
application/javascript 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/main.min.js

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2c08b3696c561765665f6d299c44dc819d3a6d384bab9f54c0be37f369c975f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: EE30:4571:1A2F6:A62DB:62E0FBA1
etag: W/"62ddbb5e-1de0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aNx5aItsUjGdkq%2BewvOxcKEXDQdd%2Bq%2FSPlYM4%2FZtHk0TJlmtcuf7lRk72Vrg2S60iZuluBsPVwvZydA1QyhAhMv0eTJsgaStsU%2FHcKKDgHqIqIkbxxWYqeHoYjUrPJzmSTguKzhKbyPLwgA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 7317c2ae3990bb06-MXP
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 19:35:21 GMT

GET
H3 200 lunr.min.js Show response
dfir.science/assets/js/lunr/ 29 KB
9 KB 389ms
389ms Script
application/javascript 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr.min.js

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c50d9002b85780a842afffb567bb54ede402dae7c6dc5997a018614d8044fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 24 Jul 2022 21:36:30 GMT
server: cloudflare
x-github-request-id: BCA2:1F2A:F1469:192EC8:62E0FBA1
etag: W/"62ddbb5e-7346"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wyPhYS5828DhHpQAW5HjJQYX8TUVXLllzH68bM6xEZm5QyKCgJpuz1YKGBUV0zkbAVodgm8GJ%2FFEAMgV1LnBpf8eVX0uRLuD1OS38FUiaEI6yLT9JlE34qWk5EJgBfZA%2FKYLYGnPdNagoU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 7317c2b01dbabb06-MXP
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 19:31:58 GMT

GET
H3 200 lunr-store.js Show response
dfir.science/assets/js/lunr/ 214 KB
64 KB 386ms
386ms Script
application/javascript 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr-store.js

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47a9fafe51e1d0ff722b1f4e320405dd509bc6cdcab3154ea3381ed451eac437

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=240568
cf-ray: 7317c2b02dc5bb06-MXP
cf-bgj: minify
vary: Accept-Encoding
last-modified: Sun, 24 Jul 2022 21:37:07 GMT
server: cloudflare
x-github-request-id: F882:3E14:ED584:18B691:62E0FBA2
etag: W/"62ddbb83-3abb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9mJLpllak40VpJJZFs1Zhx1IjNsqvXUTPTz6QQPbSIHi8wHTqC62Ryg0THPaYHoYE756Xge%2B%2Buho6ERaeDFKTv8gQ23edKXTknC9qWHG0E2n78BQ0IyIRg0GM2q%2FjLCKeAvGx%2FiOKKGH%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
x-origin-cache: HIT
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 19:34:32 GMT

GET
H3 200 lunr-en.js Show response
dfir.science/assets/js/lunr/ 2 KB
1 KB 412ms
410ms Script
application/javascript 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dfir.science/assets/js/lunr/lunr-en.js

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f178011f6846fa89e8fd056339e483c9176846053b98d2d328deb1764d67ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=2493
cf-ray: 7317c2b02dcbbb06-MXP
cf-bgj: minify
vary: Accept-Encoding
last-modified: Sun, 24 Jul 2022 21:37:07 GMT
server: cloudflare
x-github-request-id: 32F8:9642:73D9F:1087EC:62E0FBA2
etag: W/"62ddbb83-9bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RCYVAYqtDGKpiE6tU5yBq85%2BKNnrMRTDe2SdAfTIMMqnFdX8vVMEsoRbFywmbFyGQHFIZLQfhv98niDXm6hjWytsMuU3l9L83M5gGEPmtX3Zgo6TS8fBVtiVZ%2Ftnc%2ByF8vjR9hF2Bx4VdSU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
x-origin-cache: HIT
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 19:35:21 GMT

GET
H/1.1 200
OK bc1e83d88c15540b3c7f781ee.js Show response
chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/ 4 KB
2 KB 282ms
144ms Script
application/javascript 96.16.131.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/bc1e83d88c15540b3c7f781ee.js
Requested by: Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.131.108 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-131-108.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 16e04a9a46ac0ea5e191b0883837e6dd660c7823b5400db021889d4a4e450a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 140, 140, 96, 94, 100
Date: Wed, 27 Jul 2022 19:25:21 GMT
Content-Encoding: gzip
x-amz-request-id: EE1J75Z69ZEHMVXH
X-EdgeConnect-MidMile-RTT: 0, 0, 0, 0, 0
Connection: keep-alive
Content-Length: 1222
x-amz-id-2: 0QtNMxDLk32PamMvzFmwchjfmZTeTGlgBeIzi44/NwL90eQ2Ww/JqdhbrbB8Gdi/PWzCs+HxHzM=
Last-Modified: Tue, 19 Oct 2021 16:00:54 GMT
Server: AmazonS3
ETag: "a8e7eb74a2d4000de591d9250af7701b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1783
Accept-Ranges: bytes
Expires: Wed, 27 Jul 2022 19:55:04 GMT

GET
H3 200 How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
dfir.science/2022/02/ 26 KB
26 KB 487ms
487ms Image
text/html 2606:4700:3037::6815:59ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Requested by

Host: dfir.science
URL: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:59ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/2022/02/How-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7317c2b02dd6bb06-MXP
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 24 Jul 2022 21:37:08 GMT
server: cloudflare
x-github-request-id: CF78:7033:1E6825:31560D:62E19121
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3Rgblvdy97ODkAw8erUHina7W7Nipp98GH5u%2FJSOxmns%2FL5mCsq8KvMAYVM%2FkYXd8zs26%2BQxnmiDvRes2Vbtx8FBbniniv2Ie9NIZwD6NSYVdRV9YiA8Bf0lAGxSEFTf6DPJA1LYgQzmbc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 27 Jul 2022 19:31:49 GMT
cache-control: max-age=600
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'
content-security-policy: upgrade-insecure-requests
x-origin-cache: HIT
x-proxy-cache: HIT

GET
H2 200 UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2
fonts.gstatic.com/s/inter/v12/ 16 KB
17 KB 91ms
19ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dfir.science
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 05:46:10 GMT
x-content-type-options: nosniff
age: 49151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16708
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:02:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jul 2023 05:46:10 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2
fonts.gstatic.com/s/robotomono/v22/ 12 KB
12 KB 101ms
29ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v22/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7295944e0067d71c5d5276d397dc0299afb519f277ba644aec0b96343e4185d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dfir.science
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 21:55:32 GMT
x-content-type-options: nosniff
age: 250189
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12312
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:56:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jul 2023 21:55:32 GMT

GET
H3 200 fa-solid-900.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 76 KB
77 KB 114ms
67ms Font
font/woff2 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-solid-900.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 154
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 78268
etag: W/"131bc-DMssgUp+TKEsR3iCFjOAnLA2Hqo"
x-served-by: cache-fra19148-FRA, cache-mxp6929-MXP
x-jsd-version-type: version
date: Wed, 27 Jul 2022 19:25:21 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 fa-brands-400.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 75 KB
75 KB 82ms
35ms Font
font/woff2 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-brands-400.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 30430
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 76736
etag: W/"12bc0-BhPH67pV7kfvMCwPd2YyRpL4mac"
x-served-by: cache-fra19177-FRA, cache-mxp6929-MXP
x-jsd-version-type: version
date: Wed, 27 Jul 2022 19:25:21 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 fa-regular-400.woff2
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/ 13 KB
13 KB 130ms
98ms Font
font/woff2 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/webfonts/fa-regular-400.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5/css/all.min.css
Origin: https://dfir.science
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 20382
x-jsd-version: 5.15.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 13224
etag: W/"33a8-E1F1Ka/6OeJYXFkayubcM2tqqRc"
x-served-by: cache-fra19143-FRA, cache-mxp6929-MXP
x-jsd-version-type: version
date: Wed, 27 Jul 2022 19:25:21 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H/1.1 200
OK event Show response
microanalytics.io/api/ 3 B
425 B 80ms
79ms XHR
text/html 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/api/event
Requested by: Host: microanalytics.io
URL: https://microanalytics.io/js/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash: d26eae87829adde551bf4b852f9da6b8c3c2db9b65b8b68870632a2db5f53e00

Request headers

Referer: https://dfir.science/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

pragma: no-cache
Date: Wed, 27 Jul 2022 19:25:21 GMT
Server: nginx
X-RateLimit-Remaining: 59
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://dfir.science
Cache-Control: private, must-revalidate
wikivps_com: HIT from backend
X-RateLimit-Limit: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=60
Content-Length: 3
expires: -1

OPTIONS
H/1.1 204
No Content event
microanalytics.io/api/ Frame 0
0 177ms
61ms Preflight
text/html 51.38.185.25
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://microanalytics.io/api/event
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.38.185.25 , France, ASN16276 (OVH, FR),
Reverse DNS: vps-06119eaf.vps.ovh.net
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://dfir.science
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://dfir.science
Access-Control-Max-Age: 0
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Jul 2022 19:25:21 GMT
Keep-Alive: timeout=60
Server: nginx
wikivps_com: HIT from backend

GET
H/1.1 200
OK embed.js Show response
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/ 128 KB
44 KB 82ms
22ms Script
application/javascript 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Requested by: Host: chimpstatic.com
URL: https://chimpstatic.com/mcjs-connected/js/users/3664f5bc2c4350bc7454f233d/bc1e83d88c15540b3c7f781ee.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b960a89dca43490bf0005a6ed7ef8287405c4bd8b050fc4a4934580d8a5920c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 02:01:34 GMT
Content-Encoding: br
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 62628
ETag: W/"7ab9fd3318ef228deb0ec630a29c7cbe"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P1
X-Amz-Cf-Id: U32EpBMdc9fdaArajyPJTVGi0-ZhaU1wlbfAPc0IE4Wql0jd8Z0qLQ==

GET
H2 200 form-settings Show response
mc.us5.list-manage.com/subscribe/ 2 KB
2 KB 336ms
200ms Script
application/json 96.16.159.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mc.us5.list-manage.com/subscribe/form-settings?u=3664f5bc2c4350bc7454f233d&id=522fd8fdae&u=3664f5bc2c4350bc7454f233d&id=522fd8fdae&c=dojo_request_script_callbacks.dojo_request_script0
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.159.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-159-175.deploy.static.akamaitechnologies.com
Software: openresty /
Resource Hash: 5488a4810051a872916f0b8faa4d57195b11da017679819eced5c976c827b33e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:22 GMT
content-encoding: gzip
referrer-policy: same-origin
server: openresty
vary: Accept-Encoding
content-type: application/json; charset=utf-8
expires: Wed, 27 Jul 2022 19:30:22 GMT
cache-control: max-age=300
content-length: 790
x-ua-compatible: IE=edge,chrome=1

GET
H/1.1 200
OK widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html Show response
platform.twitter.com/widgets/ Frame D1B1 320 KB
104 KB 32ms
32ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fdfir.science
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB2) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2252
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Wed, 27 Jul 2022 19:25:21 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 19 Jul 2022 20:05:03 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BB2)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 settings Show response
syndication.twitter.com/ Frame D1B1 580 B
540 B 174ms
132ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=dbcb93f3e1dbd1783cbcab76bb13c52b2370309b

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fdfir.science

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

a502f79cb5fa985d8b516eeb3b2ce66e500731cd1999e64b3bb1cb035e784f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 104
date: Wed, 27 Jul 2022 19:25:21 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 19:25:22 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 763988d22b2e283d16e53ad0e2c01dcece321814647022522b08b4d503730a8d
content-length: 260

GET
H/1.1 200
OK popup.js Show response
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/ 102 KB
102 KB 25ms
25ms Script
application/javascript 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1bd26acd5c8342ed1753d77feace640cb6a1db7e46b5649521eadc50e0dd206

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 15:57:54 GMT
Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront)
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 12449
ETag: W/"fb8bd57028aa5fdb4ef666437e4717f7"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P1
Accept-Ranges: bytes
Content-Length: 104104
X-Amz-Cf-Id: BfZ5oqU-iGd9dd6DVhQNv6w6fWcC1X9IO-U9honR79-N-DogcG4qOA==

GET
H/1.1 200
OK common.css
downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/ Frame 3006 9 KB
3 KB 16ms
16ms Stylesheet
text/css 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/common.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 03:45:09 GMT
Content-Encoding: br
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 56414
ETag: W/"82e72d627b04e1654282023cca1d1e69"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P1
X-Amz-Cf-Id: ryY91pnIYM9djtKgSK9rcT4Htxpzs37TZouPqwXcvDXH1RN_8--jTw==

GET
H/1.1 200
OK banner.css
downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/ Frame 3006 1005 B
867 B 33ms
16ms Stylesheet
text/css 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/banner.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bece213397fe5f546674ee29dd3f69ec2f2cc0e480e67f09dcc4c25c0d12a3d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 14:36:45 GMT
Content-Encoding: br
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 17318
ETag: W/"78d1bdd981816cfbeb6954a85f9efa58"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P1
X-Amz-Cf-Id: 8cM3NI4eZhBwveN1GpjlMl2gmFQrDNKomfSjQs04Nl8biWdIesM4PQ==

GET
H/1.1 200
OK common.css
downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/ Frame 245E 9 KB
3 KB 67ms
39ms Stylesheet
text/css 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/common.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 03:45:09 GMT
Content-Encoding: br
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 56414
ETag: W/"82e72d627b04e1654282023cca1d1e69"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P1
X-Amz-Cf-Id: _33aRJZ4yH5y4ji0NY-Ni5jLaFFlgMdKAiectvhg0IcR_6kHWVURXg==

GET
H/1.1 200
OK layout-1.css
downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/ Frame 245E 804 B
1 KB 68ms
38ms Stylesheet
text/css 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/layout-1.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60defd0229880a6f78696fcf8e687f94e43fc8bb5ff66028e23e546d0345d2f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 00:52:31 GMT
Via: 1.1 fd38301adb0ceb6cf6c42567f371a2f4.cloudfront.net (CloudFront)
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 66772
ETag: "33e182d2957d66f0239c291b39120c17"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P1
Accept-Ranges: bytes
Content-Length: 804
X-Amz-Cf-Id: pB4gRO5PnWiorEjFoTTXkGv0_OhFevDBaHV10uVxUPrqXYwAFc4wPA==

GET
H/1.1 200
OK modal-slidein.css
downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/ 3 KB
2 KB 68ms
36ms Stylesheet
text/css 13.32.121.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://downloads.mailchimp.com/css/signup-forms/popup/079edf446cb10dc5225dfe31714cd182fefedaf3/modal-slidein.css
Requested by: Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/079edf446cb10dc5225dfe31714cd182fefedaf3/popup.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-28.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 717a079466da86282255203ddb9f6faafb2bf0ca0bb23ecb539463b3f963bde4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 06:03:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Jun 2022 13:56:31 GMT
Server: AmazonS3
Age: 48140
ETag: W/"d23d4c0fac6d9f158d23552bbd4592f0"
Vary: Accept-Encoding, Origin
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 d954dd318e06aa0e69375f36dcd819de.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P1
X-Amz-Cf-Id: 2kaKkLfeScXZXsGJW9F-qew3yJ1uwY9nMNfIBdr0_MrRgncfV7brEA==

GET
H/1.1 200
OK button.fed83577e235944f1c02f314fdfd94dd.js Show response
platform.twitter.com/js/ 7 KB
3 KB 38ms
37ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.fed83577e235944f1c02f314fdfd94dd.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 27 Jul 2022 19:25:22 GMT
Content-Encoding: gzip
Age: 2253
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2359
x-tw-cdn: VZ
Last-Modified: Tue, 19 Jul 2022 20:04:46 GMT
Server: ECS (amb/6B75)
Etag: "c1233079fb145bc77c712143fa5dcd65+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.en.html Show response
platform.twitter.com/widgets/ Frame F363 37 KB
14 KB 45ms
45ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.dc05643fdb8d0e2b89e5cc3c1d26d1b5.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: ffe1fc548e8d8c0e937c360cdb0d8ad6fa1a293dc72fe52325d1e3f95524a125

Request headers

Referer: https://dfir.science/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2248
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13674
Content-Type: text/html; charset=utf-8
Date: Wed, 27 Jul 2022 19:25:22 GMT
Etag: "836d4ee21a1d9b1817c4d6170a2173a3+gzip"
Last-Modified: Tue, 19 Jul 2022 20:04:55 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B75)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 131ms
130ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fdfir.science%2F2022%2F02%2FHow-to-extract-files-from-Cellebrite-Reader-UFDR-for-ALEAPPiLEAPP%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22DFIRScience%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1658949922236%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%226da0b7085cc99%3A1658260301864%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22mention%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=dbcb93f3e1dbd1783cbcab76bb13c52b2370309b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dfir.science/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:25:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 107
pragma: no-cache
last-modified: Wed, 27 Jul 2022 19:25:22 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 763988d22b2e283d16e53ad0e2c01dcece321814647022522b08b4d503730a8d
x-transaction: 7ab695cd92d7fdc6
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F363 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.list-manage.com/	1970-01-20 13:34:45	Name: _abck Value: 6D93C79CE6B5072C7D6DB2F1DF26308A~-1~YAAQzdXOF1CmQiWCAQAA6+weQQi/gQ9Ocn+cxTyTYWOb38TS60388rGZoEl6fJ29EqRxS7VrKNOkRY5kEuXMS8mT8QKNZVTafEEXr91mSoogkbQ1CHmSBSbhhuFHgAFtIspb8+xoHAkClEsh6RK9mMhrLNBTzzYzWdMvFuhyvwVghtiXoR2+6oiAKjmEJZwgxHEZAi4Hb9T8dRwK+1Da8sllZHgihYWkwBipWdDVnYXFmYFnR1sFPeK+C+PEvhkqEtiE1bSRhFEGpHJxHVwFGq+FIPBzJNcbIxv3zk8S36S88A7Zuu+wevJ6ZpR0zAiK4aZV1rj+cvX8QcGjq/4rYv8wV3Bl6R4Xn2Iu/O3YHS8oWR2dEi9V5Ouir+EpZFeILQ==~-1~-1~-1
.us5.list-manage.com/	1970-01-20 04:49:17	Name: ak_bmsc Value: 5F097BE3DACF0C53BC5C54FE02C30B0A~000000000000000000000000000000~YAAQzdXOF1GmQiWCAQAA6+weQRCQsD/BM+c9C2IB/gU7Bn0Zl3xdZ/FIOY5SbJtAk3K0DJU13vzw2u6yw+e9uXIK12cD+jHOW5RbDLEv3q/k0hLNspiBGdo0Caeq4aMS2TWTEoJhuHtJXXr1GGLb8+rA0jz2v2+I+eGYE3+643vBKvSJvX10+Jdeef3DftKw1+a2aftAxW3x6oja2dbs32znbBUNhIEzJHLbYh/R1jWUIeCHuSA4wkpNUo+EF6TutXNKhK1yA674kD5m2DjPzLH4h7ojD54Ed/dB1NlWRDRuEhTlSx6WrlWCQcq6DJ5VDVvXeo1O/ZhEtoMAVYMf5H+0rqNp1TmH23Cw9pAYjahxz62X1lutgsWFo4bBQT0L9T1NBdlrT9GBQmgot3vM4SxZ
.list-manage.com/	1970-01-20 04:49:24	Name: bm_sz Value: 70A78385EB92999A0EC7D6623CD66AC2~YAAQzdXOF1KmQiWCAQAA6+weQRB8GanON/h73aLN6KzeeiYTXLZTHwLmfh+hRB9nHH2iAAQWEydiiewm9fuSJSWRiwDcBlnCm9kSdiK1fViktkTY+8qlnUCgMq+QIHADTIge00W9HpybjIqkArUhW5rgIzcTECg6i7hlR7uvdaMPahTon9P4Rk/hBLts7cmttaOkw6mAbDNXITJU/Dfrf2P9nlDtc7HBXkkzhTi34UKZSnWVeic/T5rmRhoCf7spseEZOBvKw+0eJ1Ay6BspQNvJ350CkGvoH+LrpYTfcE++/uVmxPTBfw==~4407619~3228482

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
chimpstatic.com
dfir.science
downloads.mailchimp.com
fonts.googleapis.com
fonts.gstatic.com
mc.us5.list-manage.com
microanalytics.io
platform.twitter.com
syndication.twitter.com
104.244.42.200
13.32.121.28
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:3037::6815:59ab
2a00:1450:4001:809::200a
2a00:1450:4001:82f::2003
2a04:4e42:400::485
51.38.185.25
96.16.131.108
96.16.159.175
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
0c50d9002b85780a842afffb567bb54ede402dae7c6dc5997a018614d8044fc8
16e04a9a46ac0ea5e191b0883837e6dd660c7823b5400db021889d4a4e450a8c
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
4401aeae8ced32f3503b820eda4fb6bec9cc703ef9a1a42a817fae255f34e716
47a9fafe51e1d0ff722b1f4e320405dd509bc6cdcab3154ea3381ed451eac437
49b6eabf151d0d507b6b326036c3df1b64b3aa6eb925e351f95038a310fd09a5
4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72
52d19d23087cab4754d99e1b93eef0c81607dbe0e235928d00d0ec3e89fac2e0
5488a4810051a872916f0b8faa4d57195b11da017679819eced5c976c827b33e
60defd0229880a6f78696fcf8e687f94e43fc8bb5ff66028e23e546d0345d2f1
717a079466da86282255203ddb9f6faafb2bf0ca0bb23ecb539463b3f963bde4
7295944e0067d71c5d5276d397dc0299afb519f277ba644aec0b96343e4185d1
7f178011f6846fa89e8fd056339e483c9176846053b98d2d328deb1764d67ceb
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
91a3e46bd2f13459f49e0725554fa7908e36ac219655c4926b8501e9779c05a6
934db3add01aa8157a04f0447270d1903e92a02c41bf592c054c7c384b1f505c
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
a502f79cb5fa985d8b516eeb3b2ce66e500731cd1999e64b3bb1cb035e784f66
a8988d67ee7f22fa5e226abb2f8c6da90c5ca00ed17c0e3d2a29fc66e0ccc55d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b2517951614051871e877d1b291a3b744316e2361c6682609f7615e8a316fa3e
b960a89dca43490bf0005a6ed7ef8287405c4bd8b050fc4a4934580d8a5920c6
bece213397fe5f546674ee29dd3f69ec2f2cc0e480e67f09dcc4c25c0d12a3d7
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c9b874f2a7cfbec9c219e54cec8749fa371b98aeb6b9e96de3bb2219f77a96a9
ccaf59e06eb4f607fdedb30b166d8ab31ae2f92eaf4a2f998504204f1a2bf526
d26eae87829adde551bf4b852f9da6b8c3c2db9b65b8b68870632a2db5f53e00
dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f
dea590e7a344ea7b1d9affe6f8b6fcee69778f1aa5e6b4a4a4339b068bd8e6e1
e2c08b3696c561765665f6d299c44dc819d3a6d384bab9f54c0be37f369c975f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
f1bd26acd5c8342ed1753d77feace640cb6a1db7e46b5649521eadc50e0dd206
f6e0ec9891fff60f39f603403f1a5a5f9411618af0c02fd3edadddfa177ec15e
ffb51ec7ccf32269bf96792be2a3b1bbae4a4abda0965983f1a3944ff48750d6
ffe1fc548e8d8c0e937c360cdb0d8ad6fa1a293dc72fe52325d1e3f95524a125

dfir.science Open in urlscan Pro 2606:4700:3037::6815:59ab Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

39 Requests

100 %HTTPS

50 %IPv6

9 Domains

10 Subdomains

11 IPs

3 Countries

1916 kBTransfer

2676 kBSize

3 Cookies

24 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

dfir.science Open in urlscan Pro
2606:4700:3037::6815:59ab Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

50 %
IPv6

9
Domains

10
Subdomains

11
IPs

3
Countries

1916 kB
Transfer

2676 kB
Size

3
Cookies

39 HTTP transactions
1 data transactions