blog.criminalip.io Open in urlscan Pro
192.0.78.12 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Submission: On November 06 via manual (November 6th 2022, 11:35:24 pm UTC) from PH — Scanned from DE

Summary HTTP 61 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 7 domains to perform 61 HTTP transactions. The main IP is 192.0.78.12, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is blog.criminalip.io.
TLS certificate: Issued by R3 on November 4th 2022. Valid for: 3 months.

This is the only time blog.criminalip.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	192.0.78.12 192.0.78.12	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
17	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
8	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
8	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.32 192.0.78.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
61	11

18 192.0.78.12 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.criminalip.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

jetpack.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	wp.com i0.wp.com — Cisco Umbrella Rank: 3805 s0.wp.com — Cisco Umbrella Rank: 7623 stats.wp.com — Cisco Umbrella Rank: 3367 pixel.wp.com — Cisco Umbrella Rank: 2816	669 KB
18	criminalip.io blog.criminalip.io	689 KB
8	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2624 1.gravatar.com — Cisco Umbrella Rank: 10160 0.gravatar.com — Cisco Umbrella Rank: 9955	23 KB
3	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2041 www.google-analytics.com — Cisco Umbrella Rank: 97	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 121	119 KB
1	wordpress.com jetpack.wordpress.com — Cisco Umbrella Rank: 16802	8 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 4088
61	7

	Domain	Requested by
18	blog.criminalip.io	blog.criminalip.io
17	i0.wp.com	blog.criminalip.io
8	s0.wp.com	blog.criminalip.io jetpack.wordpress.com s0.wp.com
4	secure.gravatar.com	blog.criminalip.io secure.gravatar.com
3	0.gravatar.com	jetpack.wordpress.com 0.gravatar.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	pixel.wp.com	blog.criminalip.io
2	www.googletagmanager.com	blog.criminalip.io www.googletagmanager.com
1	1.gravatar.com	jetpack.wordpress.com
1	region1.google-analytics.com	www.googletagmanager.com
1	jetpack.wordpress.com	blog.criminalip.io
1	stats.wp.com	blog.criminalip.io
1	js.hs-scripts.com	blog.criminalip.io
61	13

This site contains links to these domains. Also see Links.

Domain
www.criminalip.io
i0.wp.com
msrc-blog.microsoft.com
www.microsoft.com
www.gteltsc.vn
www.facebook.com
twitter.com
reddit.com
www.linkedin.com
www.tumblr.com
pinterest.com
vk.com
cert.bournemouth.ac.uk
websitecyber.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2022-11-04` - `2023-02-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-23` - `2023-11-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-21` - `2023-11-21`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Frame ID: 1FE15A500AF8B706472010ADBB3DA795
Requests: 45 HTTP requests in this frame

Frame: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/
Frame ID: 89552D47F96B6033FF9CD4B98224EFAA
Requests: 8 HTTP requests in this frame

Frame: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Frame ID: 8A2626C4198C125F09FBA0891558E119
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Detecting MS Exchange Zero-day Vulnerabilities with Security OSINT Tools | CIP Blog

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

61
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

13
Subdomains

11
IPs

3
Countries

1535 kB
Transfer

4575 kB
Size

5
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.criminalip.io/
Title: Go to Criminal IP

Search URL Search Domain Scan URL

URL: https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/search_tip_1014.png?fit=1093%2C620&ssl=1
Title: View Larger Image

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Title: new vulnerabilities discovered in Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019

Search URL Search Domain Scan URL

URL: https://www.criminalip.io/asset/search?query=cve_id:CVE-2022-41082
Title: CVE-2022-41082

Search URL Search Domain Scan URL

URL: https://www.criminalip.io/asset/search?query=cve_id:CVE-2022-41040
Title: CVE-2022-41040

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
Title: Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

Search URL Search Domain Scan URL

URL: https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
Title: GTSC, a Vietnamese cybersecurity company

Search URL Search Domain Scan URL

URL: https://www.criminalip.io)/
Title: https://www.criminalip.io)

Search URL Search Domain Scan URL

URL: https://www.criminalip.io/asset/search?query=cve_id:%20cve-2022-41082
Title: CVE-2022-41082 vulnerabilities

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&t=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&text=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools
Title: Twitter

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/&title=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&title=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools&summary=On%20September%2030%2C%202022%2C%20Microsoft%20announced%20the%20results%20of%20the%20MS%20Exchange%20Zero%20Day%20vulnerability.%20This%20was%20due%20to%20the%20new%20vulnerabilities%20discovered%20in%20Microsoft%20Exchange%20Server%202013%2C%20Exchange%20Server%202016%2C%20and%20Exchange%20Server%202019.This%20article%20discusses%20ho
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&name=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools&description=On%20September%2030%2C%202022%2C%20Microsoft%20announced%20the%20results%20of%20the%20MS%20Exchange%20Zero%20Day%20vulnerability.%20This%20was%20due%20to%20the%20new%20vulnerabilities%20discovered%20in%20Microsoft%20Exchange%20Server%202013%2C%20Exchange%20Server%202016%2C%20and%20Exchange%20Server%202019.This%20article%20discusses%20how%20to%20use%20the%20Security%20OSINT%20tools%20to%20find%20servers%20with
Title: Tumblr

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&description=On%20September%2030%2C%202022%2C%20Microsoft%20announced%20the%20results%20of%20the%20MS%20Exchange%20Zero%20Day%20vulnerability.%20This%20was%20due%20to%20the%20new%20vulnerabilities%20discovered%20in%20Microsoft%20Exchange%20Server%202013%2C%20Exchange%20Server%202016%2C%20and%20Exchange%20Server%202019.This%20article%20discusses%20how%20to%20use%20the%20Security%20OSINT%20tools%20to%20find%20servers%20with&media=https%3A%2F%2Fi0.wp.com%2Fblog.criminalip.io%2Fwp-content%2Fuploads%2F2022%2F10%2Fsearch_tip_1014.png%3Ffit%3D1093%252C620%26ssl%3D1
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://vk.com/share.php?url=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&title=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools&description=On%20September%2030%2C%202022%2C%20Microsoft%20announced%20the%20results%20of%20the%20MS%20Exchange%20Zero%20Day%20vulnerability.%20This%20was%20due%20to%20the%20new%20vulnerabilities%20discovered%20in%20Microsoft%20Exchange%20Server%202013%2C%20Exchange%20Server%202016%2C%20and%20Exchange%20Server%202019.This%20article%20discusses%20how%20to%20use%20the%20Security%20OSINT%20tools%20to%20find%20servers%20with
Title: Vk

Search URL Search Domain Scan URL

URL: https://cert.bournemouth.ac.uk/government-servers-hacked-by-the-unseen-cryptojackers/

Search URL Search Domain Scan URL

URL: https://websitecyber.com/criminal-ip-threat-intelligence-reports/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/aispera

Search URL Search Domain Scan URL

URL: https://twitter.com/AISpera_JP

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/aispera

Search URL Search Domain Scan URL

URL: https://twitter.com/aispera
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/aispera/
Title: LinkedIn

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/ 150 KB
29 KB 948ms
899ms Document
text/html 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7627a0b6148e963e7011ae47a30ef3724df0a09086cdbb8b765956dc61536996

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 06 Nov 2022 23:35:19 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: WordPress.com
link: <https://wp.me/pcVAvW-2lb>; rel=shortlink
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _atomic_ams BYPASS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-pingback: https://blog.criminalip.io/xmlrpc.php

GET
H2 200 /
blog.criminalip.io/_static/ 2 MB
239 KB 276ms
276ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/_static/??-eJyNUkluwzAM/FBVWQiyHYpeCvQBfUCghbGV0KJgSk3z+8qOUyRptoMBjcQZzpDeRWEpJAhJRsy1DyxR7yknUXfeSU57hFfL/LKLwgeL2QHLDcsWnNeA0PbMUxALHTqBUGu7f219eMgub6f4lHNpzZJBsluWznM6mBPHO6H+dSpYWtTM3orUFHW+Jt5mcdTfRUstN/IbgqNO6pyo1Sl5KxP8pINNsfOuhiSG7oce401fc8u5MSxARIo5DpSCRyiuz7gvGlIWR5FC0eJxG8/M50/mA2LJAsH6Aj7pQzu3l18H6yZ7dGXdCfim7w2kqO1WtuRyz0G/BT7/LS4pSRuE2AGPIWCtM95da+PrBsuXfKjLowMxxBgN9iKNNau7TR9LWELqyutqKLvUyRFJO5brzJ7CcbnrtZpMjZ0s1GypF2axmLklaKWVqaZVNVH3Ql1OjhvdgRvm3x+Lk0fMVdmiZLJeo0Cqic/AM7373OO5L31v39RsNp/Pq0qpX0YGgSc=

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

167f65b46306576dc359e96e376fb800681654f0c03d7c475bade35e0f0efff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 06 Nov 2022 21:26:51 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"1d03d1f2025228ad6a4d4699e8e76a3b"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 style.min.css
blog.criminalip.io/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 202 B
353 B 107ms
107ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ee14e1c34ca92b9c270bf567a0bb381f83c6151be2020a948547c3e9de2e9cd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Tue, 27 Sep 2022 17:46:23 GMT
server: nginx
etag: "633336ef-ca"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 202
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 videopress-token-bridge.js Show response
blog.criminalip.io/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/lib/ 715 B
455 B 107ms
107ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/lib/videopress-token-bridge.js?ver=0.6.5

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

35f3b38f42ed9ecf32c120ef441a4d4617f948bd7c95b4160181bc5ea0f4103c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 23 Aug 2022 16:08:48 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
etag: W/"6304fb90-2cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
blog.criminalip.io/wp-includes/js/jquery/ 88 KB
31 KB 114ms
114ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
etag: W/"632879b8-15e54"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
blog.criminalip.io/_static/ 488 KB
145 KB 148ms
147ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/_static/??-eJx9jl0KwjAQhC/kdtFqoA/iWZp0KVvys2YTi7c3Sl4tDAwD8zGzC3B0vi6kuDU9K+V3Nwi85rnQEDgOm552AZdioVhQfF05KlqrQCBJqnzxFntqzRDSPyzTSz0vlFGq9exwVqXye5BtScnrweYRrKaDj3A/m9v1MpppnD5nRlWm

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aa1bcb04fed9d8fab2ca9f1d3c3fc3d75895c9b34cc520f9e1569959611b89c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 03 Jun 2022 06:15:39 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"9100fc17b8fc03b67a7a76db906aacb1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 149ms
55ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-C04Q69H9KS

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3fdb59a60b44629da9dc2038b7a6a997f81d8305603ae9851f40fb6bb0ec6c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77955
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Nov 2022 23:35:19 GMT

GET
H2 200 logo.png
blog.criminalip.io/wp-content/uploads/2022/05/ 1 KB
1 KB 112ms
108ms Image
image/png 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.criminalip.io/wp-content/uploads/2022/05/logo.png

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4fa3b4a5e9667c74b4dc68573c9ca9d44fc192d6a1148a81808d2ad28e358b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Wed, 25 May 2022 07:21:29 GMT
server: nginx
etag: "628dd8f9-575"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 1397
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 blog_bn-1.png
blog.criminalip.io/wp-content/uploads/2022/05/ 2 KB
3 KB 113ms
109ms Image
image/png 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.criminalip.io/wp-content/uploads/2022/05/blog_bn-1.png

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

980d0a141c6494a366b4cc502a9d7e277915ea290e715c907eedf1011013a96a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Wed, 25 May 2022 07:22:33 GMT
server: nginx
etag: "628dd939-9d9"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 2521
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 search_tip_1014.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 145 KB
146 KB 40ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/search_tip_1014.png?fit=1093%2C620&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

521684e147e76e0972eb998b2be7a1bbb2a41961fa325cf9539afb1d9b67b911

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 08:55:21 GMT
server: nginx
etag: "b66da0f9941b1a1e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/search_tip_1014.png>; rel="canonical"
content-length: 148668
expires: Sun, 13 Oct 2024 20:55:21 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_1.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 7 KB
8 KB 39ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_1.png?resize=800%2C317&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d43660e535e5354a7f36750ded6f7d7c926c806678bac6cd2fb140626757d481

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:29 GMT
server: nginx
etag: "1c88a3da224612c3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_1.png>; rel="canonical"
content-length: 7608
expires: Sun, 13 Oct 2024 23:30:29 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_2.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 22 KB
22 KB 42ms
10ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_2.png?resize=800%2C397&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a8b840e8f531911d0f57ea998c32597529de9da5041cbc9dfd71eedf8c851877

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:29 GMT
server: nginx
etag: "d1ec1e8915ea9ce3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_2.png>; rel="canonical"
content-length: 22770
expires: Sun, 13 Oct 2024 23:30:29 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_3.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 58 KB
58 KB 41ms
10ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_3.png?resize=800%2C353&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

265b1e4aa2bded593ccc4cee7e39b67c25a6ef27104d803b4e8ab25d8cd09d42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:41 GMT
server: nginx
etag: "630a7516ec2eb534"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_3.png>; rel="canonical"
content-length: 59070
expires: Sun, 13 Oct 2024 23:30:41 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_4.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 65 KB
65 KB 41ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_4.png?resize=800%2C551&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b63d0fbd78e10b153027ac19dce1922479e3b8ae8d062fe4cbdbebd37f021dd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:29 GMT
server: nginx
etag: "2cf7cf1b1a9aba36"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_4.png>; rel="canonical"
content-length: 66334
expires: Sun, 13 Oct 2024 23:30:29 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_5.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 7 KB
8 KB 42ms
11ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_5.png?fit=419%2C428&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

230b0564deba2dd32bb7baa00743a2779a8584a65d52c209e0bf1f477c0e2c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 17:00:27 GMT
server: nginx
etag: "a90b81b293f56b60"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_5.png>; rel="canonical"
content-length: 7548
expires: Mon, 14 Oct 2024 05:00:27 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_6.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 28 KB
28 KB 20ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_6.png?resize=800%2C400&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e486a47ef5f19f869314d50481b5f4df719bb5f516de0e89c4f341333c4f70ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:29 GMT
server: nginx
etag: "6eb295445fe593f2"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_6.png>; rel="canonical"
content-length: 28746
expires: Sun, 13 Oct 2024 23:30:29 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_7.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 56 KB
56 KB 20ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_7.png?resize=800%2C573&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f4d76bc26b771a281c3f323822add16afedb4b60a1a0669689f78354250f6adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 17:00:28 GMT
server: nginx
etag: "e807188c1952246f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_7.png>; rel="canonical"
content-length: 57176
expires: Mon, 14 Oct 2024 05:00:28 GMT

GET
H2 200 MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_8.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 48 KB
48 KB 21ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_8.png?resize=800%2C316&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

24e72dd93b8210dff7475896b2f8994560ff8fae4535d526f6d74ae743fbac89

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Oct 2022 11:30:29 GMT
server: nginx
etag: "001c6a3b775da076"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/MS-Exchange-%EC%A0%9C%EB%A1%9C%EB%8D%B0%EC%9D%B4-%EC%B7%A8%EC%95%BD%EC%A0%90_8.png>; rel="canonical"
content-length: 49342
expires: Sun, 13 Oct 2024 23:30:29 GMT

GET
H2 200 4834575322dba4509f57b68ea7871f0b
secure.gravatar.com/avatar/ 3 KB
3 KB 9ms
6ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/4834575322dba4509f57b68ea7871f0b?s=72&d=mm&r=g
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: bec0a832bedf990b6f0ac07a0c830bd223ea5bc9c2a6cd1900acf351baacb0fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
last-modified: Mon, 17 Jan 2022 07:20:55 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="4834575322dba4509f57b68ea7871f0b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/4834575322dba4509f57b68ea7871f0b?s=72&d=mm&r=g>; rel="canonical"
content-length: 2731
expires: Sun, 06 Nov 2022 23:40:19 GMT

GET
H2 200 CIP_blacklist_11%E1%84%8B%E1%85%AF%E1%86%AF1%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/11/ 29 KB
29 KB 21ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/11/CIP_blacklist_11%E1%84%8B%E1%85%AF%E1%86%AF1%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

791ed5c179842d65a59128888dbf934e35e20ec748428802c46599d8fe589c17

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Nov 2022 12:17:19 GMT
server: nginx
etag: "fe371203f8de9b0b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/11/CIP_blacklist_11%E1%84%8B%E1%85%AF%E1%86%AF1%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png>; rel="canonical"
content-length: 29534
expires: Fri, 01 Nov 2024 00:17:19 GMT

GET
H2 200 %EB%8B%A4%ED%81%AC%EC%9B%B9-%EC%A0%91%EC%86%8D-%EB%B0%A9%EB%B2%95.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 41 KB
41 KB 21ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/%EB%8B%A4%ED%81%AC%EC%9B%B9-%EC%A0%91%EC%86%8D-%EB%B0%A9%EB%B2%95.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7af791f8a68f38e40485c31dcfb96d31bd0bf2a3b6a23a12d07956669ee20ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Oct 2022 05:50:15 GMT
server: nginx
etag: "5da6d870fb10997a"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/%EB%8B%A4%ED%81%AC%EC%9B%B9-%EC%A0%91%EC%86%8D-%EB%B0%A9%EB%B2%95.png>; rel="canonical"
content-length: 42010
expires: Sun, 27 Oct 2024 17:50:15 GMT

GET
H2 200 CIP_blacklist_10%EC%9B%944%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 29 KB
29 KB 22ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%EC%9B%944%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

75ba69348abe303d2a523630cb7ffac1b0b71eb69674166b469b272edd98ab51

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Oct 2022 07:26:27 GMT
server: nginx
etag: "aef2708bec50d8fe"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%EC%9B%944%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png>; rel="canonical"
content-length: 29456
expires: Thu, 24 Oct 2024 19:26:27 GMT

GET
H2 200 search_tip_1021.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 26 KB
26 KB 22ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/search_tip_1021.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

af95791fd7c0a8f99de5521d249f4409d82d10b543e694f0f3ae121c543decb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Oct 2022 08:21:23 GMT
server: nginx
etag: "a576b35ad6ce1345"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/search_tip_1021.png>; rel="canonical"
content-length: 26518
expires: Sun, 20 Oct 2024 20:21:23 GMT

GET
H2 200 CIP_blacklist_10%E1%84%8B%E1%85%AF%E1%86%AF3%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 29 KB
29 KB 23ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%E1%84%8B%E1%85%AF%E1%86%AF3%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4af50e69104475c18e57e4bcb4d76d25e859b90524d96603fe925e3b394463f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 Oct 2022 07:04:57 GMT
server: nginx
etag: "a48ab8efbb842631"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%E1%84%8B%E1%85%AF%E1%86%AF3%E1%84%8C%E1%85%AE%E1%84%8E%E1%85%A1_%E1%84%8B%E1%85%A7%E1%86%BC%E1%84%86%E1%85%AE%E1%86%AB.png>; rel="canonical"
content-length: 29524
expires: Fri, 18 Oct 2024 19:04:57 GMT

GET
H2 200 CIP_blacklist_10%EC%9B%942%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/ 29 KB
29 KB 23ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%EC%9B%942%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png?resize=300%2C170&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

38228e483ace1fda02b7235b11de4a9bdf8c375bc20841bab66f602e633ff536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Oct 2022 06:27:20 GMT
server: nginx
etag: "b5f525b74f817ff4"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/10/CIP_blacklist_10%EC%9B%942%EC%A3%BC%EC%B0%A8_%EC%98%81%EB%AC%B8.png>; rel="canonical"
content-length: 29532
expires: Fri, 11 Oct 2024 18:27:20 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 7 KB
3 KB 41ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202244
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e9885e4aea54f587ccabce165b42e0b3cd097030a72d4153b6eff6362d4f9bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:19 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
etag: W/"63443f58-1a42"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 31 Oct 2023 00:00:00 GMT

GET
H2 200 /
blog.criminalip.io/_static/ 129 KB
20 KB 119ms
119ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/_static/??-eJyVjUsKwzAMRC9UV6QQp5vSs/gjilJZNpaNye2TQHOAbmfemxnFhCwNpUHh/iFRWLEVF76QcuyMCsHV3BUZdFDBanyXyHgPqrfxh/0rzBVcAySBezxJVYikDTzng2Py1dUNtG3HWyI5hXd6Tdba5THPz2kH9xVGwg==

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

66b13a344f82ebc4507599e4af11ceb6b24c6b772ec3c6a73e809338a10be5c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 25 Oct 2022 19:19:41 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"c0cd5e13e792ae56e6461bd97ed1e365"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 / Show response
blog.criminalip.io/_static/ 20 KB
7 KB 114ms
113ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/_static/??-eJyVzV0KwjAQBOALmaaiVl/Eo0j+TLdNdtNmQ/X2RqggvhUWBob52CUJQ8gOWaZQPGCWg+OkzCjvgEbqAsHK1BMTrtFEwGbIuyWJugjFumrqTcXNrzWaB83xZ/j/w5AOZMYsLWT+6G8hFEJUDLRdBvA9a3puhr4WFd3idd915+Pl1B7aNwFaaYA=

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5a910b497038ac02a90713c76625397a21161b3c76210d4310d124b91ab27c0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 03 Nov 2022 14:17:10 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"bd73c5908f151d22919570de9368a7c0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 404 19623735.js
js.hs-scripts.com/ 0
0 171ms
128ms Script
application/json 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/19623735.js?integration=WordPress&ver=9.0.338
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 29ms
6ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202244
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a72c573becfb1e8529cc987d0508245574afed28a710b3ca816d0f52028c66d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
content-encoding: br
last-modified: Thu, 15 Sep 2022 11:48:47 GMT
server: nginx
etag: W/"6323111f-5deb"
content-type: application/javascript
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 / Show response
blog.criminalip.io/_static/ 458 KB
124 KB 137ms
132ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/_static/??-eJytV9tu2zAM/aEpwQa02x6GYS97LtAPKGSZsZhIpirKcb2vH+3EQ+d2WisbSALYEo+OyMNL+qAMtQnatA+ua7Dl/RFS0Oa091R3DnjfhyaSpd2RP/RBYWtcV8vrI+8NeS+WKkJww85j+9oeh6EiHetn68sTLTbWyTdh28hiDapyJAw0M6QJJURk/07rqkNXj8bWVA9sIob0Cj95BF9Bjt7skAexu6IaHaljcPOaml9kYPRJ7gDpAnN9UIc47aoXNsmCF34/zrrW+z90HVazT+SYkb28iToOY6wgtvgr/uPsQ8dIrZrIQ3zm2BGngRaidvMmQ67zsrdR6HUDK5kZ5k4XYvxNbCWRiihxijrs5KdlTJtCErmEYSXe8bGDOOwmLf2MUN+LnjZBBM2SHNtgHTCdseaNwBw8sUPR5DZ4OBWCip62gfNjTvcWtopDcNqAJbfZfRN1xt73GErTdJH78NhppyyMXlwb4iukiAVIXc/ZhuXKIC/Q1uXuAoytjmMf2kyCnNCcBnXCtBLvjB7ozukhr73Xb6fHtTmI6iB1rxxFJNYmTEOpvYnEfNDS56f+lJVpDke6NZisV3PWSVeseqwbKIbog88mRM42wllxGlz59R2eQXygo7HFkbjMf6WFYpE62kEsFfkCanVbWY5E83RX6Kg6UlA19dmBI6s2kk+2ROWsLej/uCJnLSHuinNMYlDp+A6RvpytZHQn5zgUF4w3AbxdDBE4kAyQkj5pCNQIR7sR9IXpGG3dGksbqXcu242j6kULLvmHMLV0wfnuv328vf18c/P15tOX31JhaFY=

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

abf3baed5d5320ecc04a54d8b7d3c5a21d37db474a926053de12682ebaa7a48b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 04 Nov 2022 10:58:48 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
x-page-optimize: uncached
etag: W/"fddb080aa3e13de0bebd9f5e6fd72bea"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 sharing.min.js Show response
blog.criminalip.io/wp-content/plugins/jetpack/_inc/build/sharedaddy/ 8 KB
3 KB 111ms
107ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=11.6-a.1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9eff412c1198930f1d219490894e17733ccd8b992e9ddb7546971f783c00431e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 31 May 2022 10:02:50 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
etag: W/"6295e7ca-2145"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202244.js Show response
stats.wp.com/ 9 KB
3 KB 36ms
2ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202244.js
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sun, 06 Nov 2022 23:35:19 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sat, 21 Oct 2023 06:38:30 GMT

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jL.woff2
blog.criminalip.io/wp-content/uploads/fusion-gfonts/ 22 KB
22 KB 130ms
130ms Font
application/font-woff2 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/uploads/fusion-gfonts/va9E4kDNxMZdWfMOD5Vvl4jL.woff2

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/_static/??-eJyNUkluwzAM/FBVWQiyHYpeCvQBfUCghbGV0KJgSk3z+8qOUyRptoMBjcQZzpDeRWEpJAhJRsy1DyxR7yknUXfeSU57hFfL/LKLwgeL2QHLDcsWnNeA0PbMUxALHTqBUGu7f219eMgub6f4lHNpzZJBsluWznM6mBPHO6H+dSpYWtTM3orUFHW+Jt5mcdTfRUstN/IbgqNO6pyo1Sl5KxP8pINNsfOuhiSG7oce401fc8u5MSxARIo5DpSCRyiuz7gvGlIWR5FC0eJxG8/M50/mA2LJAsH6Aj7pQzu3l18H6yZ7dGXdCfim7w2kqO1WtuRyz0G/BT7/LS4pSRuE2AGPIWCtM95da+PrBsuXfKjLowMxxBgN9iKNNau7TR9LWELqyutqKLvUyRFJO5brzJ7CcbnrtZpMjZ0s1GypF2axmLklaKWVqaZVNVH3Ql1OjhvdgRvm3x+Lk0fMVdmiZLJeo0Cqic/AM7373OO5L31v39RsNp/Pq0qpX0YGgSc=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.criminalip.io/_static/??-eJyNUkluwzAM/FBVWQiyHYpeCvQBfUCghbGV0KJgSk3z+8qOUyRptoMBjcQZzpDeRWEpJAhJRsy1DyxR7yknUXfeSU57hFfL/LKLwgeL2QHLDcsWnNeA0PbMUxALHTqBUGu7f219eMgub6f4lHNpzZJBsluWznM6mBPHO6H+dSpYWtTM3orUFHW+Jt5mcdTfRUstN/IbgqNO6pyo1Sl5KxP8pINNsfOuhiSG7oce401fc8u5MSxARIo5DpSCRyiuz7gvGlIWR5FC0eJxG8/M50/mA2LJAsH6Aj7pQzu3l18H6yZ7dGXdCfim7w2kqO1WtuRyz0G/BT7/LS4pSRuE2AGPIWCtM95da+PrBsuXfKjLowMxxBgN9iKNNau7TR9LWELqyutqKLvUyRFJO5brzJ7CcbnrtZpMjZ0s1GypF2axmLklaKWVqaZVNVH3Ql1OjhvdgRvm3x+Lk0fMVdmiZLJeo0Cqic/AM7373OO5L31v39RsNp/Pq0qpX0YGgSc=
Origin: https://blog.criminalip.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Fri, 04 Nov 2022 11:09:54 GMT
server: nginx
etag: "6364f302-5840"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 22592
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 awb-icons.woff
blog.criminalip.io/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/ 20 KB
20 KB 114ms
111ms Font
application/font-woff 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.criminalip.io/_static/??-eJyNUkluwzAM/FBVWQiyHYpeCvQBfUCghbGV0KJgSk3z+8qOUyRptoMBjcQZzpDeRWEpJAhJRsy1DyxR7yknUXfeSU57hFfL/LKLwgeL2QHLDcsWnNeA0PbMUxALHTqBUGu7f219eMgub6f4lHNpzZJBsluWznM6mBPHO6H+dSpYWtTM3orUFHW+Jt5mcdTfRUstN/IbgqNO6pyo1Sl5KxP8pINNsfOuhiSG7oce401fc8u5MSxARIo5DpSCRyiuz7gvGlIWR5FC0eJxG8/M50/mA2LJAsH6Aj7pQzu3l18H6yZ7dGXdCfim7w2kqO1WtuRyz0G/BT7/LS4pSRuE2AGPIWCtM95da+PrBsuXfKjLowMxxBgN9iKNNau7TR9LWELqyutqKLvUyRFJO5brzJ7CcbnrtZpMjZ0s1GypF2axmLklaKWVqaZVNVH3Ql1OjhvdgRvm3x+Lk0fMVdmiZLJeo0Cqic/AM7373OO5L31v39RsNp/Pq0qpX0YGgSc=
Origin: https://blog.criminalip.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Fri, 04 Nov 2022 10:58:48 GMT
server: nginx
etag: "6364f068-4f70"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 20336
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 flUhRqu5zY00QEpyWJYWN58AfvNeKBM.woff2
blog.criminalip.io/wp-content/uploads/fusion-gfonts/ 16 KB
16 KB 159ms
157ms Font
application/font-woff2 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/uploads/fusion-gfonts/flUhRqu5zY00QEpyWJYWN58AfvNeKBM.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ac18987cef2dfbd1ea55976ac083ef9337f34a08f63f7f41be13ce60b45ca9e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.criminalip.io/_static/??-eJyNUkluwzAM/FBVWQiyHYpeCvQBfUCghbGV0KJgSk3z+8qOUyRptoMBjcQZzpDeRWEpJAhJRsy1DyxR7yknUXfeSU57hFfL/LKLwgeL2QHLDcsWnNeA0PbMUxALHTqBUGu7f219eMgub6f4lHNpzZJBsluWznM6mBPHO6H+dSpYWtTM3orUFHW+Jt5mcdTfRUstN/IbgqNO6pyo1Sl5KxP8pINNsfOuhiSG7oce401fc8u5MSxARIo5DpSCRyiuz7gvGlIWR5FC0eJxG8/M50/mA2LJAsH6Aj7pQzu3l18H6yZ7dGXdCfim7w2kqO1WtuRyz0G/BT7/LS4pSRuE2AGPIWCtM95da+PrBsuXfKjLowMxxBgN9iKNNau7TR9LWELqyutqKLvUyRFJO5brzJ7CcbnrtZpMjZ0s1GypF2axmLklaKWVqaZVNVH3Ql1OjhvdgRvm3x+Lk0fMVdmiZLJeo0Cqic/AM7373OO5L31v39RsNp/Pq0qpX0YGgSc=
Origin: https://blog.criminalip.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams BYPASS
last-modified: Fri, 04 Nov 2022 11:09:55 GMT
server: nginx
etag: "6364f303-4168"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 16744
expires: Sun, 13 Nov 2022 23:35:19 GMT

GET
H2 200 / Show response
blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/ Frame 8955 22 KB
7 KB 713ms
712ms Document
text/html 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

226181629978fc2c626c9cd276d378aa39ad06b56e0109b56006462b26e7bdc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 06 Nov 2022 23:35:20 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: WordPress.com
last-modified: Sun, 06 Nov 2022 23:35:20 GMT
link: <https://wp.me/pcVAvW-1eL>; rel=shortlink
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _atomic_ams BYPASS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Set
x-pingback: https://blog.criminalip.io/xmlrpc.php
x-wp-embed: true

GET
H2 200 / Show response
jetpack.wordpress.com/jetpack-comment/ Frame 8A26 26 KB
8 KB 290ms
269ms Document
text/html 192.0.78.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6fdbd5aaf5237daf81b6414a825bf130b68225d63b5424606283d53e44456269

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://blog.criminalip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 06 Nov 2022 23:35:20 GMT
host-header: WordPress.com
server: nginx
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-ac: 2.hhn _dfw BYPASS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://blog.criminalip.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 12ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=191041092&post=9001&tz=9&srv=blog.criminalip.io&hp=atomic&ac=2&amp=0&j=1%3A11.6-a.1&host=blog.criminalip.io&ref=&fcp=1456&rand=0.7543684662759564
Requested by: Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/10/14/ms-exchange-zero-day-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 06 Nov 2022 23:35:20 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 6ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202244
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202244
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:20 GMT

GET
H2 200 services.min.css
secure.gravatar.com/dist/css/ 3 KB
582 B 7ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/services.min.css?ver=202244
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202244
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-187116226-2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C04Q69H9KS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b9d82b4e186505bdff7d863742ae6c3751bd48aeba248666ed2d9546973214b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43673
x-xss-protection: 0
last-modified: Sun, 06 Nov 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 06 Nov 2022 23:35:20 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
349 B 111ms
39ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-C04Q69H9KS&gtm=2oeb20&_p=2089228208&cid=1167868040.1667777720&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1667777720&sct=1&seg=0&dl=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&dt=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools%20%7C%20CIP%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C04Q69H9KS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Nov 2022 23:35:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.criminalip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 8A26 19 KB
4 KB 20ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw
last-modified: Tue, 23 Nov 2021 21:55:38 GMT
server: nginx
etag: W/"619d635a-4b6b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 23 Nov 2022 21:55:42 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame 8A26 15 KB
3 KB 19ms
6ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160h&cssminify=yes
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8e657c0ef1763965fb05ff2d31c111675fc2869e3b32b2cb09ba9a0dacc34c76

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw
server: nginx
etag: W/"63242ce6-45a9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 16 Sep 2023 07:59:40 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ Frame 8A26 439 B
628 B 13ms
7ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: d3ddd29db765914b449b4573e5a3c24e1982838d9f55befd894cb73333f8149a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 06 Nov 2022 23:35:20 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="ad516503a11cd5ca435acc9bb6523536.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25>; rel="canonical"
content-length: 439
expires: Sun, 06 Nov 2022 23:40:20 GMT

GET
H2 200 gprofiles.js Show response
0.gravatar.com/js/ Frame 8A26 23 KB
7 KB 12ms
6ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/gprofiles.js?ver=202244z
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a72c573becfb1e8529cc987d0508245574afed28a710b3ca816d0f52028c66d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
last-modified: Thu, 15 Sep 2022 11:48:47 GMT
server: nginx
etag: W/"6323111f-5deb"
content-type: application/javascript
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:20 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ Frame 8A26 868 B
452 B 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240h
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw
server: nginx
etag: W/"5ffc31a9-465"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 8A26 41 KB
11 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw
last-modified: Wed, 14 Sep 2022 07:43:47 GMT
server: nginx
etag: W/"63218633-a4f5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:43:50 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 8A26 30 KB
8 KB 9ms
8ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9i0EOwjAMBD+Ea1BFe0I8BZnEgJvYlDhRv0/EgRNiT6PVDG4rhKdVtoraYM3tLuaYJbHjq3HjB1nMXIbFd/hbpqhicKWCSl65dIJaKCT/FyVx5QrjsMeLWPget/KRY2/PejpMfeM0z8flDaXAPmE=
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4a90b6f1b193a43f8fb0876eadfb461f18b0705a73bec227b0c41a5d87ed9230

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Mon, 24 Oct 2022 18:39:41 GMT
server: nginx
etag: W/"6356dbed-785e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 24 Oct 2023 18:39:46 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ Frame 8A26 18 KB
5 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1652185836h&ver=6.1-RC2-54694
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=191041092&postid=9001&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&jetpack_comments_nonce=8b3cdf010d&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=11.6-a.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=10aaba38f226f21fc97967f4a49bc76f65d882a6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
etag: W/"627a5af9-48b9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 28 Oct 2023 16:40:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 192ms
38ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-187116226-2&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 06 Nov 2022 23:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1166
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 07 Nov 2022 01:15:54 GMT

GET
H2 200 button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame 8A26 1 KB
1 KB 7ms
6ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1663315160h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
x-ac: 2.hhn _dfw
last-modified: Sat, 31 Dec 2016 05:45:43 GMT
server: nginx
etag: "58674607-4d0"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1232
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 hovercard.min.css
0.gravatar.com/dist/css/ Frame 8A26 8 KB
2 KB 6ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/hovercard.min.css?ver=202244z
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202244z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:20 GMT

GET
H2 200 services.min.css
0.gravatar.com/dist/css/ Frame 8A26 3 KB
545 B 6ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/services.min.css?ver=202244z
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202244z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
content-encoding: br
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Sun, 13 Nov 2022 23:35:20 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 124ms
45ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=2089228208&t=pageview&_s=1&dl=https%3A%2F%2Fblog.criminalip.io%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&ul=en-us&de=UTF-8&dt=Detecting%20MS%20Exchange%20Zero-day%20Vulnerabilities%20with%20Security%20OSINT%20Tools%20%7C%20CIP%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=178511682&gjid=754941498&cid=1167868040.1667777720&tid=UA-187116226-2&_gid=838631050.1667777720&_r=1&gtm=2oub20&z=1969252817

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.criminalip.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 06 Nov 2022 23:35:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.criminalip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jetpack.css
blog.criminalip.io/wp-content/plugins/jetpack/css/ Frame 8955 84 KB
16 KB 111ms
110ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-content/plugins/jetpack/css/jetpack.css?m=1666705894

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 25 Oct 2022 13:51:34 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
etag: W/"6357e9e6-14f92"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Cyber_security_220607_2.jpg
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/06/ Frame 8955 6 KB
6 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/06/Cyber_security_220607_2.jpg?resize=669%2C272&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

77209fbbc15fc2696fbb8cd1da6a43054ab32e02e3becea0391a58f27131335f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
x-content-type-options: nosniff
last-modified: Sat, 15 Oct 2022 00:00:30 GMT
server: nginx
etag: "679e391479743e64"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/06/Cyber_security_220607_2.jpg>; rel="canonical"
content-length: 6044
expires: Mon, 14 Oct 2024 12:00:30 GMT

GET
H2 200 cropped-favicon-e1642399702921.png
i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/01/ Frame 8955 796 B
982 B 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2022/01/cropped-favicon-e1642399702921.png?fit=32%2C32&ssl=1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1e53a9d1bed6a4ccbc36bc6e942903f25a1c9f2691c11e07a26e0bd8adeb0b37

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 06 Nov 2022 23:35:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 03:13:02 GMT
server: nginx
etag: "0cf7a4049f2dd8a0"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.criminalip.io/wp-content/uploads/2022/01/cropped-favicon-e1642399702921.png>; rel="canonical"
content-length: 796
expires: Sat, 16 Mar 2024 15:13:02 GMT

GET
H2 200 wp-emoji-release.min.js Show response
blog.criminalip.io/wp-includes/js/ Frame 8955 18 KB
5 KB 109ms
108ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.criminalip.io/wp-includes/js/wp-emoji-release.min.js?ver=6.1

Requested by

Host: blog.criminalip.io
URL: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/embed/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 23:35:20 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
server: nginx
x-ac: 1.hhn _atomic_ams BYPASS
etag: W/"62551487-48b9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 8955 196 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eab8de27de645e5b26b6cbd48545a6997f72956e40401714a0be09b2e2fa8d58

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ Frame 8955 397 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2021c9a3df6a24f3f9d63a0425d90a2bb24cd97de905abf230f13d4dbc46c147

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ Frame 8955 213 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f83bf22ed091fe689e0c008e1b85aea6c0a191f0d3ba62813def77ef7ce63e01

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 6ms
6ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.106&largest_contentful_paint=1517&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=9300&host_name=blog.criminalip.io&url_path=%2F2022%2F10%2F14%2Fms-exchange-zero-day-vulnerability%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=34&nt_connectStart=34&nt_connectEnd=50&nt_secureConnectionStart=39&nt_requestStart=50&nt_responseStart=949&nt_responseEnd=958&nt_domLoading=952&nt_domInteractive=1695&nt_domContentLoadedEventStart=1697&nt_domContentLoadedEventEnd=1709&nt_domComplete=2343&nt_loadEventStart=2343&nt_loadEventEnd=2454&nt_redirectCount=0&nt_api_level=2&start_render=1456&first_contentful_paint=1456&resource_size=3767128&resource_transferred=1290808&js_size=1095127&js_transferred=321882&resource_cache_percent=0&js_cache_percent=0&last_resource_end=2196
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.criminalip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 06 Nov 2022 23:35:22 GMT
cache-control: no-cache
server: nginx

Verdicts & Comments Add Verdict or Comment

174 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.criminalip.io/	1969-12-31 23:59:59	Name: PHPSESSID Value: c897397003e62b9f5f6d3c0aeb6f1aab
.criminalip.io/	1970-01-20 16:52:17	Name: _ga_C04Q69H9KS Value: GS1.1.1667777720.1.0.1667777720.0.0.0
.criminalip.io/	1970-01-20 16:52:17	Name: _ga Value: GA1.2.1167868040.1667777720
.criminalip.io/	1970-01-20 07:17:44	Name: _gid Value: GA1.2.838631050.1667777720
.criminalip.io/	1970-01-20 07:16:17	Name: _gat_gtag_UA_187116226_2 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://js.hs-scripts.com/19623735.js?integration=WordPress&ver=9.0.338 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
blog.criminalip.io
i0.wp.com
jetpack.wordpress.com
js.hs-scripts.com
pixel.wp.com
region1.google-analytics.com
s0.wp.com
secure.gravatar.com
stats.wp.com
www.google-analytics.com
www.googletagmanager.com
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.12
192.0.78.32
2001:4860:4802:34::36
2606:4700::6811:d5cc
2a00:1450:4001:803::2008
2a00:1450:4001:829::200e
2a04:fa87:fffe::c000:4902
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
167f65b46306576dc359e96e376fb800681654f0c03d7c475bade35e0f0efff6
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1a72c573becfb1e8529cc987d0508245574afed28a710b3ca816d0f52028c66d
1e53a9d1bed6a4ccbc36bc6e942903f25a1c9f2691c11e07a26e0bd8adeb0b37
2021c9a3df6a24f3f9d63a0425d90a2bb24cd97de905abf230f13d4dbc46c147
226181629978fc2c626c9cd276d378aa39ad06b56e0109b56006462b26e7bdc9
230b0564deba2dd32bb7baa00743a2779a8584a65d52c209e0bf1f477c0e2c59
24e72dd93b8210dff7475896b2f8994560ff8fae4535d526f6d74ae743fbac89
265b1e4aa2bded593ccc4cee7e39b67c25a6ef27104d803b4e8ab25d8cd09d42
35f3b38f42ed9ecf32c120ef441a4d4617f948bd7c95b4160181bc5ea0f4103c
370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61
38228e483ace1fda02b7235b11de4a9bdf8c375bc20841bab66f602e633ff536
4a90b6f1b193a43f8fb0876eadfb461f18b0705a73bec227b0c41a5d87ed9230
4af50e69104475c18e57e4bcb4d76d25e859b90524d96603fe925e3b394463f7
4fa3b4a5e9667c74b4dc68573c9ca9d44fc192d6a1148a81808d2ad28e358b3c
521684e147e76e0972eb998b2be7a1bbb2a41961fa325cf9539afb1d9b67b911
5a910b497038ac02a90713c76625397a21161b3c76210d4310d124b91ab27c0e
5aa1bcb04fed9d8fab2ca9f1d3c3fc3d75895c9b34cc520f9e1569959611b89c
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
66b13a344f82ebc4507599e4af11ceb6b24c6b772ec3c6a73e809338a10be5c3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fdbd5aaf5237daf81b6414a825bf130b68225d63b5424606283d53e44456269
7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b
75ba69348abe303d2a523630cb7ffac1b0b71eb69674166b469b272edd98ab51
7627a0b6148e963e7011ae47a30ef3724df0a09086cdbb8b765956dc61536996
77209fbbc15fc2696fbb8cd1da6a43054ab32e02e3becea0391a58f27131335f
791ed5c179842d65a59128888dbf934e35e20ec748428802c46599d8fe589c17
7af791f8a68f38e40485c31dcfb96d31bd0bf2a3b6a23a12d07956669ee20ae4
822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8e657c0ef1763965fb05ff2d31c111675fc2869e3b32b2cb09ba9a0dacc34c76
96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68
980d0a141c6494a366b4cc502a9d7e277915ea290e715c907eedf1011013a96a
9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087
9eff412c1198930f1d219490894e17733ccd8b992e9ddb7546971f783c00431e
a8b840e8f531911d0f57ea998c32597529de9da5041cbc9dfd71eedf8c851877
abf3baed5d5320ecc04a54d8b7d3c5a21d37db474a926053de12682ebaa7a48b
ac18987cef2dfbd1ea55976ac083ef9337f34a08f63f7f41be13ce60b45ca9e6
af95791fd7c0a8f99de5521d249f4409d82d10b543e694f0f3ae121c543decb5
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b63d0fbd78e10b153027ac19dce1922479e3b8ae8d062fe4cbdbebd37f021dd9
b9d82b4e186505bdff7d863742ae6c3751bd48aeba248666ed2d9546973214b1
bec0a832bedf990b6f0ac07a0c830bd223ea5bc9c2a6cd1900acf351baacb0fd
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d3ddd29db765914b449b4573e5a3c24e1982838d9f55befd894cb73333f8149a
d43660e535e5354a7f36750ded6f7d7c926c806678bac6cd2fb140626757d481
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e486a47ef5f19f869314d50481b5f4df719bb5f516de0e89c4f341333c4f70ca
e9885e4aea54f587ccabce165b42e0b3cd097030a72d4153b6eff6362d4f9bc4
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671
eab8de27de645e5b26b6cbd48545a6997f72956e40401714a0be09b2e2fa8d58
ee14e1c34ca92b9c270bf567a0bb381f83c6151be2020a948547c3e9de2e9cd3
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3fdb59a60b44629da9dc2038b7a6a997f81d8305603ae9851f40fb6bb0ec6c2
f4d76bc26b771a281c3f323822add16afedb4b60a1a0669689f78354250f6adf
f83bf22ed091fe689e0c008e1b85aea6c0a191f0d3ba62813def77ef7ce63e01

blog.criminalip.io Open in urlscan Pro 192.0.78.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

61 Requests

100 %HTTPS

50 %IPv6

7 Domains

13 Subdomains

11 IPs

3 Countries

1535 kBTransfer

4575 kBSize

5 Cookies

23 Outgoing links

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.criminalip.io Open in urlscan Pro
192.0.78.12 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

13
Subdomains

11
IPs

3
Countries

1535 kB
Transfer

4575 kB
Size

5
Cookies

61 HTTP transactions
4 data transactions