urlscan.io logo urlscan.io
SecurityTrails logo

www.inversecos.com Open in urlscan Pro
142.250.186.147  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Submission Tags: falconsandbox
Submission: On September 22 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 33 HTTP transactions. The main IP is 142.250.186.147, located in United States and belongs to GOOGLE, US. The main domain is www.inversecos.com.
TLS certificate: Issued by GTS CA 1D4 on July 29th 2021. Valid for: 3 months.
This is the only time www.inversecos.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 142.250.186.147 15169 (GOOGLE)
1 142.250.185.195 15169 (GOOGLE)
1 18 216.58.212.137 15169 (GOOGLE)
4 142.250.186.67 15169 (GOOGLE)
3 142.250.185.129 15169 (GOOGLE)
4 142.250.184.225 15169 (GOOGLE)
1 1 172.217.23.109 15169 (GOOGLE)
1 172.217.16.132 15169 (GOOGLE)
33 8
2    142.250.186.147 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f19.1e100.net
www.inversecos.com
1    142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net
www.gstatic.com
18    216.58.212.137 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f9.1e100.net
www.blogger.com
resources.blogblog.com
www.blogblog.com
4    142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net
fonts.gstatic.com
3    142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net
lh3.googleusercontent.com
4    142.250.184.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f1.1e100.net
3.bp.blogspot.com
1.bp.blogspot.com
2.bp.blogspot.com
1    172.217.23.109 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f13.1e100.net
accounts.google.com
1    172.217.16.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f4.1e100.net
www.google.com
Domain Requested by
13 www.blogger.com 1 redirects www.inversecos.com
www.blogger.com
4 resources.blogblog.com www.inversecos.com
www.blogger.com
4 fonts.gstatic.com www.inversecos.com
www.blogger.com
3 lh3.googleusercontent.com www.inversecos.com
2 1.bp.blogspot.com www.inversecos.com
2 www.inversecos.com www.inversecos.com
1 www.google.com www.blogger.com
1 www.blogblog.com www.inversecos.com
1 accounts.google.com 1 redirects
1 2.bp.blogspot.com www.inversecos.com
1 3.bp.blogspot.com www.inversecos.com
1 www.gstatic.com www.inversecos.com
33 12

This site contains links to these domains. Also see Links.

Domain
lh3.googleusercontent.com
www.blogger.com
www.amazon.com
twitter.com
www.linkedin.com
Subject Issuer Validity Valid
www.inversecos.com
GTS CA 1D4		 2021-07-29 -
2021-10-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.blogger.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Frame ID: A88C62EA88FB1840B721FFCBA22B77C2
Requests: 23 HTTP requests in this frame

Frame: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506
Frame ID: 7F022ABE4CBE386C1D8D461CD6FFB376
Requests: 1 HTTP requests in this frame

Frame: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Frame ID: 5F2432F949E364471CC3444B5E65D251
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Backdoor Office 365 and Active Directory - Golden SAML

Detected technologies

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Page Statistics

33
Requests

97 %
HTTPS

0 %
IPv6

7
Domains

12
Subdomains

8
IPs

1
Countries

1118 kB
Transfer

1262 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506 HTTP 302
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4913778223018726354%26postID%3D6509475546134938735%26skin%3Dessential%26blogspotRpcToken%3D3575506%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4913778223018726354%26postID%3D6509475546134938735%26skin%3Dessential%26blogspotRpcToken%3D3575506%26bpli%3D1&go=true HTTP 302
  • https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request backdooring-office-365-and-active.html
www.inversecos.com/2021/09/ 		108 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f19.1e100.net
Software
GSE /
Resource Hash
6af97ac2acc8450428af4808bf9d107cb03921bcbd63b21f11919185eed12235
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.inversecos.com
:scheme
https
:path
/2021/09/backdooring-office-365-and-active.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
expires
Wed, 22 Sep 2021 23:32:46 GMT
date
Wed, 22 Sep 2021 23:32:46 GMT
cache-control
private, max-age=0
last-modified
Wed, 22 Sep 2021 06:03:22 GMT
etag
W/"b7b639afd014dc71ad76412d1bf8c2c6bc705c2ef5427eda0c6478c5ff8d8adf"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
24814
server
GSE
clipboard.min.js
www.gstatic.com/external_hosted/clipboardjs/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
92e40dc4bbb485a182b796c58e6da7974cb8a6a84fdb4548ace3b85c991f0f94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3475
x-xss-protection
0
last-modified
Wed, 14 Apr 2021 19:28:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=0
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 22 Sep 2021 23:32:46 GMT
authorization.css
www.blogger.com/dyn-css/ 		1 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4913778223018726354&zx=fdb25563-2cea-47ec-aaa0-883d38f606ac
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Sep 2021 23:32:46 GMT
server
GSE
date
Wed, 22 Sep 2021 23:32:46 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
sprite_v1_6.css.svg
www.inversecos.com/responsive/ 		7 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.inversecos.com/responsive/sprite_v1_6.css.svg
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f19.1e100.net
Software
sffe /
Resource Hash
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:path
/responsive/sprite_v1_6.css.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
same-origin
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inversecos.com
referer
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Sep 2021 22:53:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/svg+xml
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2244
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 29 Sep 2021 23:32:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.inversecos.com/
Origin
https://www.inversecos.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 04:48:57 GMT
x-content-type-options
nosniff
age
67429
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 04:48:57 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.inversecos.com/
Origin
https://www.inversecos.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 10:50:07 GMT
x-content-type-options
nosniff
age
218559
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 20 Sep 2022 10:50:07 GMT
Screen%2BShot%2B2021-09-03%2Bat%2B1.46.13%2Bpm.png
lh3.googleusercontent.com/-vYuq9ZWoKko/YTGai7gDLAI/AAAAAAAACG4/YKVLcgE5-ygiB80pUsILdS3BVArdh3FfQCLcBGAsYHQ/w640-h196/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/-vYuq9ZWoKko/YTGai7gDLAI/AAAAAAAACG4/YKVLcgE5-ygiB80pUsILdS3BVArdh3FfQCLcBGAsYHQ/w640-h196/Screen%2BShot%2B2021-09-03%2Bat%2B1.46.13%2Bpm.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
fife /
Resource Hash
753faa33e7592fb17ed1c3845ec9b253d04615ee7be93f9357fec1dfb9103673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="Screen Shot 2021-09-03 at 1.46.13 pm.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36432
x-xss-protection
0
server
fife
etag
"v870"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 07 Sep 2021 06:12:56 GMT
Screen%2BShot%2B2021-09-03%2Bat%2B1.44.57%2Bpm.png
lh3.googleusercontent.com/-83eTfN6ffqo/YTGaPYO_LPI/AAAAAAAACGw/KmKANQgImqwjDkJZRrICkPwaqigLDkaowCLcBGAsYHQ/w640-h555/ 		103 KB
103 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/-83eTfN6ffqo/YTGaPYO_LPI/AAAAAAAACGw/KmKANQgImqwjDkJZRrICkPwaqigLDkaowCLcBGAsYHQ/w640-h555/Screen%2BShot%2B2021-09-03%2Bat%2B1.44.57%2Bpm.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
fife /
Resource Hash
88c8eb00a16c1699d2006c86d87fb1fa3f7695e2884f4c3bf0ab803b3944a5df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
x-content-type-options
nosniff
server
fife
etag
"v86d"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="Screen Shot 2021-09-03 at 1.44.57 pm.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
105041
x-xss-protection
0
expires
Thu, 23 Sep 2021 23:32:46 GMT
Screen%2BShot%2B2021-09-03%2Bat%2B1.46.55%2Bpm.png
lh3.googleusercontent.com/-O69yVTwBNQ8/YTGaxx_NvyI/AAAAAAAACG8/gFRep5PTvus50UV-ksT7czwnniYH5KbpQCLcBGAsYHQ/w640-h238/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/-O69yVTwBNQ8/YTGaxx_NvyI/AAAAAAAACG8/gFRep5PTvus50UV-ksT7czwnniYH5KbpQCLcBGAsYHQ/w640-h238/Screen%2BShot%2B2021-09-03%2Bat%2B1.46.55%2Bpm.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f1.1e100.net
Software
fife /
Resource Hash
d87923a1246e7e712db98a7d6cc2310c9facecc96cce03aea195555391145823
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
x-content-type-options
nosniff
server
fife
etag
"v871"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="Screen Shot 2021-09-03 at 1.46.55 pm.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41424
x-xss-protection
0
expires
Thu, 23 Sep 2021 23:32:46 GMT
blogger_logo_round_35.png
www.blogger.com/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blogger.com/img/blogger_logo_round_35.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 22:15:55 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Sep 2021 03:51:33 GMT
server
sffe
age
4611
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2531
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 29 Sep 2021 22:15:55 GMT
IMG_0113.JPG
3.bp.blogspot.com/_eIHB7WOQ6wk/Seq0tCyyeTI/AAAAAAAAAAk/1HOg4TObrHA/S45-s35/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://3.bp.blogspot.com/_eIHB7WOQ6wk/Seq0tCyyeTI/AAAAAAAAAAk/1HOg4TObrHA/S45-s35/IMG_0113.JPG
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f1.1e100.net
Software
fife /
Resource Hash
7c08e8718d125e7e4f4f27d8b6e2239a0761065a579501b4873677ee81f18050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:47 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="IMG_0113.JPG"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1334
x-xss-protection
0
server
fife
etag
"v9"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 23 Sep 2021 14:10:16 GMT
blank.gif
resources.blogblog.com/img/ 		43 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/blank.gif
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 05:03:30 GMT
x-content-type-options
nosniff
last-modified
Fri, 17 Sep 2021 03:50:17 GMT
server
sffe
age
498556
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Fri, 24 Sep 2021 05:03:30 GMT
186635561-comment_from_post_iframe.js
www.blogger.com/static/v1/jsbin/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/jsbin/186635561-comment_from_post_iframe.js
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
77bbf7198131f779d4b0f1a60286ec9fe66e113a03be25e97b3ddac6b0480a59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 01:56:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
164160
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6505
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 00:52:11 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 21 Sep 2022 01:56:46 GMT
Screen%2BShot%2B2021-09-17%2Bat%2B2.59.05%2Bpm.png
1.bp.blogspot.com/-uWt0Nh427IU/YUQi3qIgGLI/AAAAAAAACHs/AmuKnzEheyYExr58SyDTwqwDjZqc9KnYgCLcBGAsYHQ/w72-h72-p-k-no-nu/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-uWt0Nh427IU/YUQi3qIgGLI/AAAAAAAACHs/AmuKnzEheyYExr58SyDTwqwDjZqc9KnYgCLcBGAsYHQ/w72-h72-p-k-no-nu/Screen%2BShot%2B2021-09-17%2Bat%2B2.59.05%2Bpm.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f1.1e100.net
Software
fife /
Resource Hash
ff5e90ed6ff9504c5451b51cc18bfced4263a15d18ea702e70cfee545bf43079
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="Screen Shot 2021-09-17 at 2.59.05 pm.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3870
x-xss-protection
0
server
fife
etag
"v87c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 21 Sep 2021 07:28:40 GMT
Screen%2BShot%2B2020-05-01%2Bat%2B11.33.55%2Bam.png
1.bp.blogspot.com/-vzPGZLlpKe8/Xqt89iEw1bI/AAAAAAAABzw/23308Bbn8fMmomx9CfvQZeXCzkpNvLjJACEwYBhgL/w72-h72-p-k-no-nu/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-vzPGZLlpKe8/Xqt89iEw1bI/AAAAAAAABzw/23308Bbn8fMmomx9CfvQZeXCzkpNvLjJACEwYBhgL/w72-h72-p-k-no-nu/Screen%2BShot%2B2020-05-01%2Bat%2B11.33.55%2Bam.png
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f1.1e100.net
Software
fife /
Resource Hash
812fbb57ed27ac2edad6a7874525c0caa9a285732fde949221f51a5cd3a77b59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:32:46 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="Screen Shot 2020-05-01 at 11.33.55 am.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3466
x-xss-protection
0
server
fife
etag
"v73c"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 04 Sep 2021 07:59:26 GMT
wmRsOras_400x400.jpg
2.bp.blogspot.com/-TF0IlZMjSWQ/YCtWEwhlG3I/AAAAAAAAB8E/YDktztDwR2cTB9b_6mXT4mkLr71lUYNrgCK4BGAYYCw/s120-pf/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://2.bp.blogspot.com/-TF0IlZMjSWQ/YCtWEwhlG3I/AAAAAAAAB8E/YDktztDwR2cTB9b_6mXT4mkLr71lUYNrgCK4BGAYYCw/s120-pf/wmRsOras_400x400.jpg
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f1.1e100.net
Software
fife /
Resource Hash
ff78a30fd4e65cee1f0b335a93e7081cf2923996dcef8c845f0b7f28bfe09a42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 20:37:27 GMT
x-content-type-options
nosniff
age
10519
content-disposition
inline;filename="wmRsOras_400x400.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4285
x-xss-protection
0
server
fife
etag
"v7c8"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 07 Sep 2021 16:10:55 GMT
1196570827-strm_compiled.js
resources.blogblog.com/blogblog/data/res/ 		134 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.blogblog.com/blogblog/data/res/1196570827-strm_compiled.js
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
8b74d9aa49cf2bc773e8d1cd78757129623b268b00471f2922fb60a6bc9b9434
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 02:07:37 GMT
x-content-type-options
nosniff
age
163509
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/blogger-tech
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136806
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 01:50:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Tue, 28 Sep 2021 02:07:37 GMT
1183870265-widgets.js
www.blogger.com/static/v1/widgets/ 		147 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/1183870265-widgets.js
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
10b24e55b1c18111463754323394cc60728981a761b333a9a3970c07a473084f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 01:55:23 GMT
x-content-type-options
nosniff
age
164243
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
150301
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 21:51:34 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 21 Sep 2022 01:55:23 GMT
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.inversecos.com/
Origin
https://www.inversecos.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:20:40 GMT
x-content-type-options
nosniff
age
202326
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17484
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:42 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 20 Sep 2022 15:20:40 GMT
comment-iframe.g
www.blogger.com/ Frame 7F02 		0
0
comment-iframe.g
www.blogger.com/ Frame 5F24
Redirect Chain
  • https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D4913778223018726354%26postID%3D6509475546134938735%26skin%3Dessential%26blogspotRpcT...
  • https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
17 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/1183870265-widgets.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
GSE /
Resource Hash
80e25b9b87ba7383eecacb01c5c1f054fee99efc925f87d89af2153f11dd8518
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.blogger.com
:scheme
https
:path
/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.inversecos.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 22 Sep 2021 23:32:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
4794
server
GSE
set-cookie
S=blogger=O-yfdVHHwRUgkYA1ckV0xuWLlHcshMYoy0QNDEw085Q; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
text/html; charset=UTF-8
x-frame-options
DENY
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 22 Sep 2021 23:32:47 GMT
location
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
script-src 'report-sample' 'nonce-fujpkuVJi4F19+RK35Mv7A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
269
server
GSE
set-cookie
__Host-GAPS=1:eXZA42pZZ6S3px7hbM-fmkAwu6TjNw:0oXyqS5kG3e20gcw;Path=/;Expires=Fri, 22-Sep-2023 23:32:47 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
mspin_black_large.svg
www.blogblog.com/indie/ 		6 KB
998 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blogblog.com/indie/mspin_black_large.svg
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
1e2c209346d02318a063c7ea2513498881c35f1525114c9b969b573384f54baf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 04:43:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
240545
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
870
x-xss-protection
0
last-modified
Sun, 19 Sep 2021 04:49:55 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Mon, 27 Sep 2021 04:43:41 GMT
authorization.css
www.blogger.com/dyn-css/ 		1 B
43 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4913778223018726354&zx=fdb25563-2cea-47ec-aaa0-883d38f606ac
Requested by
Host: www.inversecos.com
URL: https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Sep 2021 23:32:47 GMT
server
GSE
date
Wed, 22 Sep 2021 23:32:47 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
3670766380-cmt__en_gb.js
www.blogger.com/static/v1/jsbin/ Frame 5F24 		96 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/jsbin/3670766380-cmt__en_gb.js
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
6ba640dd43583f0d1b2bb7a80e9fa1409400a7469752c93895dd4a727f2b9c17
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 07:15:30 GMT
x-content-type-options
nosniff
age
58637
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98752
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 15:29:40 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 22 Sep 2022 07:15:30 GMT
blank.gif
resources.blogblog.com/img/ Frame 5F24 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/blank.gif
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 05:03:30 GMT
x-content-type-options
nosniff
last-modified
Fri, 17 Sep 2021 03:50:17 GMT
server
sffe
age
498557
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Fri, 24 Sep 2021 05:03:30 GMT
0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js
www.google.com/js/bg/ Frame 5F24 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f4.1e100.net
Software
sffe /
Resource Hash
d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 13:56:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
466553
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13319
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:30:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 13:56:54 GMT
close.gif
www.blogger.com/img/cmt/ Frame 5F24 		347 B
370 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blogger.com/img/cmt/close.gif
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
df6cb367e3692c4d2056dd69c54bea18458148ef028ce7b998824f9f49ceafd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 13:27:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 21 Sep 2021 18:04:41 GMT
server
sffe
age
36303
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
347
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 29 Sep 2021 13:27:44 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 5F24 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blogger.com/
Origin
https://www.blogger.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 04:48:57 GMT
x-content-type-options
nosniff
age
67430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 04:48:57 GMT
sprite_comment_v1.css.svg
www.blogger.com/img/responsive/ Frame 5F24 		585 B
363 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/img/responsive/sprite_comment_v1.css.svg
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
b87dd1f80f3239467127bfa7c4d48f4071b0bacb510dc87cd1193eb3afc8241d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:10:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1320
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
338
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 04:52:27 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 29 Sep 2021 23:10:47 GMT
comment-iframe-bg.g
www.blogger.com/ Frame 5F24 		12 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&bgint=0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/jsbin/3670766380-cmt__en_gb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
GSE /
Resource Hash
f6b9b8717ef27dd384ddad46080216c12cb9a7e699c9c5adc1043d16e176c0dd
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
date
Wed, 22 Sep 2021 23:32:48 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9494
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
anon36.png
resources.blogblog.com/img/ Frame 5F24 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/anon36.png
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506&bpli=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.blogger.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:03:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Sep 2021 08:50:20 GMT
server
sffe
age
487776
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1654
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Fri, 24 Sep 2021 08:03:11 GMT
4076883957-lightbox_bundle.css
www.blogger.com/static/v1/v-css/ 		35 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/v-css/4076883957-lightbox_bundle.css
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/1183870265-widgets.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
b36420078eff98260683e049cf2ecc27adaa071e10ca528fc3dab786592782cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 09:00:09 GMT
x-content-type-options
nosniff
age
138759
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35768
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 03:50:35 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 21 Sep 2022 09:00:09 GMT
4043737584-lbx__en_gb.js
www.blogger.com/static/v1/jsbin/ 		377 KB
377 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/jsbin/4043737584-lbx__en_gb.js
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/1183870265-widgets.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.137 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f9.1e100.net
Software
sffe /
Resource Hash
7ef5830e5ba6f9df3d6cecf05d00af02693fc814ec487e061a9f476c0f1d6790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inversecos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 23:22:57 GMT
x-content-type-options
nosniff
age
591
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
385746
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 21:53:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 22 Sep 2022 23:22:57 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.blogger.com
URL
https://www.blogger.com/comment-iframe.g?blogID=4913778223018726354&postID=6509475546134938735&skin=essential&blogspotRpcToken=3575506

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster function| ClipboardJS object| blogger object| goog function| BLOG_CMT_createIframe function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__ object| closure_lm_259208 object| closure_lm_25247

1 Cookies

Domain/Path Name / Value
.blogger.com/ Name: S
Value: blogger=O-yfdVHHwRUgkYA1ckV0xuWLlHcshMYoy0QNDEw085Q

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
2.bp.blogspot.com
3.bp.blogspot.com
accounts.google.com
fonts.gstatic.com
lh3.googleusercontent.com
resources.blogblog.com
www.blogblog.com
www.blogger.com
www.google.com
www.gstatic.com
www.inversecos.com
www.blogger.com
142.250.184.225
142.250.185.129
142.250.185.195
142.250.186.147
142.250.186.67
172.217.16.132
172.217.23.109
216.58.212.137
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10b24e55b1c18111463754323394cc60728981a761b333a9a3970c07a473084f
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
1e2c209346d02318a063c7ea2513498881c35f1525114c9b969b573384f54baf
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
6af97ac2acc8450428af4808bf9d107cb03921bcbd63b21f11919185eed12235
6ba640dd43583f0d1b2bb7a80e9fa1409400a7469752c93895dd4a727f2b9c17
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
753faa33e7592fb17ed1c3845ec9b253d04615ee7be93f9357fec1dfb9103673
77bbf7198131f779d4b0f1a60286ec9fe66e113a03be25e97b3ddac6b0480a59
7c08e8718d125e7e4f4f27d8b6e2239a0761065a579501b4873677ee81f18050
7ef5830e5ba6f9df3d6cecf05d00af02693fc814ec487e061a9f476c0f1d6790
80e25b9b87ba7383eecacb01c5c1f054fee99efc925f87d89af2153f11dd8518
812fbb57ed27ac2edad6a7874525c0caa9a285732fde949221f51a5cd3a77b59
88c8eb00a16c1699d2006c86d87fb1fa3f7695e2884f4c3bf0ab803b3944a5df
8b74d9aa49cf2bc773e8d1cd78757129623b268b00471f2922fb60a6bc9b9434
92e40dc4bbb485a182b796c58e6da7974cb8a6a84fdb4548ace3b85c991f0f94
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b36420078eff98260683e049cf2ecc27adaa071e10ca528fc3dab786592782cc
b87dd1f80f3239467127bfa7c4d48f4071b0bacb510dc87cd1193eb3afc8241d
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60
d87923a1246e7e712db98a7d6cc2310c9facecc96cce03aea195555391145823
df6cb367e3692c4d2056dd69c54bea18458148ef028ce7b998824f9f49ceafd6
f6b9b8717ef27dd384ddad46080216c12cb9a7e699c9c5adc1043d16e176c0dd
ff5e90ed6ff9504c5451b51cc18bfced4263a15d18ea702e70cfee545bf43079
ff78a30fd4e65cee1f0b335a93e7081cf2923996dcef8c845f0b7f28bfe09a42