www.emanueledelucia.net Open in urlscan Pro
2606:4700:30::681b:ab1f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
Submission: On September 02 via api (September 2nd 2019, 6:31:16 am UTC) from CH

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2606:4700:30::681b:ab1f, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.emanueledelucia.net.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on July 23rd 2019. Valid for: 6 months.

This is the only time www.emanueledelucia.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
12	2606:4700:30:... 2606:4700:30::681b:ab1f		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
12	1

12 2606:4700:30::681b:ab1f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.emanueledelucia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	emanueledelucia.net www.emanueledelucia.net	462 KB
12	1

	Domain	Requested by
12	www.emanueledelucia.net	www.emanueledelucia.net
12	1

This site contains no links.

Subject Issuer	Validity	Valid
sni163658.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-07-23` - `2020-01-29`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
Frame ID: 5BEF40503CC312AAE5D8D044187228F5
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

12
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

462 kB
Transfer

487 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell Show response
www.emanueledelucia.net/ 24 KB
7 KB 3088ms
2981ms Document
text/html 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a4c679cb85b918a8e1a4e24e5714d192d887c12b8249308902b044c4c5ae6d2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.emanueledelucia.net
:scheme: https
:path: /a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 02 Sep 2019 06:30:58 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=ddab56bf5dcd166f6a7b5ebbac7356d761567405855; expires=Tue, 01-Sep-20 06:30:55 GMT; path=/; domain=.emanueledelucia.net; HttpOnly
x-frame-options: SAMEORIGIN
link: <https://www.emanueledelucia.net/?p=2041>; rel=shortlink
x-xss-protection: 1; mode=block
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50fd70269a89cba8-VIE
content-encoding: br

GET
H2 200 main.css
www.emanueledelucia.net/site/ 12 KB
3 KB 2375ms
2373ms Stylesheet
text/css 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.emanueledelucia.net/site/main.css

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3b529126e3d84776ed1386cd61257d8c14b1c96b24562cfbc42633af6a4e085

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Mon, 02 Sep 2019 06:31:01 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=259200
cf-ray: 50fd70399c6ccba8-VIE
x-xss-protection: 1; mode=block
expires: Thu, 05 Sep 2019 06:31:01 GMT

GET
H2 404 active.css
www.emanueledelucia.net/site/modules/ca29bd55/ 0
0 1636ms
1635ms Stylesheet
text/html 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.emanueledelucia.net/site/modules/ca29bd55/active.css

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Sep 2019 06:31:00 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 50fd70399c6ecba8-VIE
x-xss-protection: 1; mode=block
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 1557349135152.png
www.emanueledelucia.net/site/files/2019/08/ 97 KB
98 KB 504ms
503ms Image
image/png 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/1557349135152.png

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a921e2f4c9bd099991e4e59e446a37991606a1595b93d9f17e89269c96b64bb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:30:59 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 14:03:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd70399c70cba8-VIE
content-length: 99583
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:00:59 GMT

GET
H2 200 image_1.jpg
www.emanueledelucia.net/site/files/2019/08/ 47 KB
47 KB 607ms
606ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_1.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

857090f9f8b6a82e91506efdbd5e33e6cfde9599bcbba97bf45eaa4a5f1b6c78

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:30:59 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 19:10:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd70399c74cba8-VIE
content-length: 47849
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:00:59 GMT

GET
H2 200 image_2.jpg
www.emanueledelucia.net/site/files/2019/08/ 67 KB
67 KB 541ms
540ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_2.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b095170c9022158870e711f35b6f643b329707c4218857af0771e654ac0eedea

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:30:59 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 19:19:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd7039ac76cba8-VIE
content-length: 68450
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:00:59 GMT

GET
H2 200 image_3.jpg
www.emanueledelucia.net/site/files/2019/08/ 63 KB
63 KB 363ms
363ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_3.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f30b0dae813bcd7b57f42325f2616b3690bea8dcb8e3eaa0674554b7d1f7603

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:30:59 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 19:58:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd703cde0dcba8-VIE
content-length: 64218
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:00:59 GMT

GET
H2 200 image_4-1024x211.jpg
www.emanueledelucia.net/site/files/2019/08/ 35 KB
36 KB 1018ms
1018ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_4-1024x211.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5faa4c54da81bb1021de19612ab058a133dcca4dcef76d35870c997900c47e49

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:31:00 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 20:07:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd703d0e80cba8-VIE
content-length: 36266
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:01:00 GMT

GET
H2 200 image_5-1024x384.jpg
www.emanueledelucia.net/site/files/2019/08/ 105 KB
105 KB 963ms
963ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_5-1024x384.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76c70d3a60ba8644f70564f853afbd65ab1bd8cba5f4a2e938b5272eaa8507d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:31:00 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 20:21:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd703d6f93cba8-VIE
content-length: 107551
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:01:00 GMT

GET
H2 200 image_6-1024x78.jpg
www.emanueledelucia.net/site/files/2019/08/ 21 KB
21 KB 688ms
687ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_6-1024x78.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ce6d8699852ff489514534a79f5d575b0c9fc4213e996148ab3fe978e22c23a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:31:00 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 21:01:24 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd703f0c2ccba8-VIE
content-length: 21225
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:01:00 GMT

GET
H2 200 image_7-1024x79.jpg
www.emanueledelucia.net/site/files/2019/08/ 15 KB
16 KB 667ms
667ms Image
image/jpeg 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.emanueledelucia.net/site/files/2019/08/image_7-1024x79.jpg

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

976cdb74969409e747b26bf0b83794a919cc5b26252a3826fa5cf3fde6c39728

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:31:00 GMT
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2019 21:11:33 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 50fd703f2c78cba8-VIE
content-length: 15740
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:01:00 GMT

GET
H2 200 comment-reply.min.js Show response
www.emanueledelucia.net/site/libs/js/ 757 B
441 B 867ms
866ms Script
application/javascript 2606:4700:30::681b:ab1f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.emanueledelucia.net/site/libs/js/comment-reply.min.js

Requested by

Host: www.emanueledelucia.net
URL: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:ab1f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 06:30:59 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Tue, 03 Feb 2015 00:48:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: public, max-age=1800
cf-ray: 50fd70399c73cba8-VIE
x-xss-protection: 1; mode=block
expires: Mon, 02 Sep 2019 07:00:59 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| addComment

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.emanueledelucia.net
2606:4700:30::681b:ab1f
5faa4c54da81bb1021de19612ab058a133dcca4dcef76d35870c997900c47e49
6a4c679cb85b918a8e1a4e24e5714d192d887c12b8249308902b044c4c5ae6d2
6ce6d8699852ff489514534a79f5d575b0c9fc4213e996148ab3fe978e22c23a
857090f9f8b6a82e91506efdbd5e33e6cfde9599bcbba97bf45eaa4a5f1b6c78
8f30b0dae813bcd7b57f42325f2616b3690bea8dcb8e3eaa0674554b7d1f7603
976cdb74969409e747b26bf0b83794a919cc5b26252a3826fa5cf3fde6c39728
9a921e2f4c9bd099991e4e59e446a37991606a1595b93d9f17e89269c96b64bb
b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0
b095170c9022158870e711f35b6f643b329707c4218857af0771e654ac0eedea
c3b529126e3d84776ed1386cd61257d8c14b1c96b24562cfbc42633af6a4e085
c76c70d3a60ba8644f70564f853afbd65ab1bd8cba5f4a2e938b5272eaa8507d

www.emanueledelucia.net Open in urlscan Pro 2606:4700:30::681b:ab1f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

462 kBTransfer

487 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.emanueledelucia.net Open in urlscan Pro
2606:4700:30::681b:ab1f Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

462 kB
Transfer

487 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions