therecord.media Open in urlscan Pro
2606:4700::6812:721 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8...
Effective URL:
https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RN...
Submission: On May 18 via api (May 18th 2021, 12:47:14 am UTC) from SG

Summary HTTP 147 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 27 IPs in 4 countries across 22 domains to perform 147 HTTP transactions. The main IP is 2606:4700::6812:721, located in United States and belongs to CLOUDFLARENET, US. The main domain is therecord.media.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 18th 2020. Valid for: a year.

This is the only time therecord.media was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
45	2606:4700::68... 2606:4700::6812:721	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
11	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2600:9000:219... 2600:9000:2190:1800:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
2	18.196.53.208 18.196.53.208	16509 (AMAZON-02) (AMAZON-02)
3	23.79.145.42 23.79.145.42	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
7	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	185.33.220.241 185.33.220.241	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
10	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
3	104.244.43.131 104.244.43.131	54113 (FASTLY) (FASTLY)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
147	27

2 199.60.103.2 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

go.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2606:4700::6812:721 (United States)

ASN13335 (CLOUDFLARENET, US)

therecord.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:1800:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.53.208 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-53-208.eu-central-1.compute.amazonaws.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.79.145.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-145-42.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.241 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.43.131 (United States)

ASN54113 (FASTLY, US)

abs-0.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	twitter.com platform.twitter.com syndication.twitter.com analytics.twitter.com	927 KB
45	therecord.media therecord.media	1 MB
13	twimg.com cdn.syndication.twimg.com abs-0.twimg.com pbs.twimg.com	276 KB
7	gstatic.com fonts.gstatic.com	109 KB
4	facebook.com www.facebook.com	526 B
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	2 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	w.org s.w.org	2 KB
3	matomo.cloud cdn.matomo.cloud recordedfuture.matomo.cloud	55 KB
3	facebook.net connect.facebook.net	169 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googletagmanager.com www.googletagmanager.com	68 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	recordedfuture.com 1 redirects go.recordedfuture.com	4 KB
1	hubspot.com track.hubspot.com	781 B
1	hs-analytics.net js.hs-analytics.net	19 KB
1	hs-banner.com js.hs-banner.com	15 KB
1	adnxs.com secure.adnxs.com	710 B
1	t.co t.co	454 B
1	gravatar.com secure.gravatar.com	4 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	hs-scripts.com js.hs-scripts.com	882 B
147	22

	Domain	Requested by
45	therecord.media	go.recordedfuture.com therecord.media
42	platform.twitter.com	therecord.media platform.twitter.com
7	pbs.twimg.com	therecord.media platform.twitter.com
7	syndication.twitter.com	platform.twitter.com therecord.media
7	fonts.gstatic.com	fonts.googleapis.com
4	www.facebook.com	therecord.media connect.facebook.net
3	abs-0.twimg.com	therecord.media
3	cdn.syndication.twimg.com	platform.twitter.com
3	s.w.org	therecord.media
3	connect.facebook.net	therecord.media connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	recordedfuture.matomo.cloud	cdn.matomo.cloud
2	px.ads.linkedin.com	2 redirects
2	www.googletagmanager.com	therecord.media
2	fonts.googleapis.com	therecord.media
2	go.recordedfuture.com	1 redirects
1	track.hubspot.com
1	analytics.twitter.com	static.ads-twitter.com
1	b.6sc.co	therecord.media
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	secure.adnxs.com	j.6sc.co
1	c.6sc.co	j.6sc.co
1	t.co	therecord.media
1	j.6sc.co	go.recordedfuture.com
1	secure.gravatar.com	therecord.media
1	cdn.matomo.cloud	therecord.media
1	static.ads-twitter.com	therecord.media
1	px4.ads.linkedin.com	therecord.media
1	www.linkedin.com	1 redirects
1	js.hs-scripts.com	therecord.media
147	31

This site contains links to these domains. Also see Links.

Domain
isc.sans.edu
www.zerodayinitiative.com
blog.talosintelligence.com
msrc.microsoft.com
msrc-blog.microsoft.com
twitter.com
www.linkedin.com
www.instagram.com
recordedfuture.com

Subject Issuer	Validity	Valid
go.recordedfuture.com Cloudflare Inc ECC CA-3	`2020-08-16` - `2021-08-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-18` - `2021-08-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
cdn.matomo.cloud Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
*.matomo.cloud R3	`2021-04-12` - `2021-07-11`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Frame ID: 9F35C0C97D609AC236D5B2AA0B23F30A
Requests: 87 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Ftherecord.media
Frame ID: 9C45CC1C717F6633EAB15CD7E95E4DD1
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 5513D4AE3AB5425CC4D7A2F9D3F99969
Requests: 20 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: A6565590C7F1631E68B859953FAD194B
Requests: 16 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 4DC08E546F77E24968E4237A734EF3F3
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53... Page URL
https://go.recordedfuture.com/events/public/v1/track/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V... HTTP 307
https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

147
Requests

100 %
HTTPS

62 %
IPv6

22
Domains

31
Subdomains

27
IPs

4
Countries

2968 kB
Transfer

6860 kB
Size

16
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://isc.sans.edu/diary/rss/27408
Title: security researchers

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review
Title: security

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2021/05/microsoft-patch-tuesday-for-may-2021.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29
Title: firms

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166
Title: security advisory

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2019/06/14/prevent-the-impact-of-a-linux-worm-by-updating-exim-cve-2019-10149/
Title: In June 2019

Search URL Search Domain Scan URL

URL: https://twitter.com/campuscodi

Search URL Search Domain Scan URL

URL: https://twitter.com/TheRecord_Media

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/the-record-by-recorded-future

Search URL Search Domain Scan URL

URL: https://www.instagram.com/therecord_media/

Search URL Search Domain Scan URL

URL: https://recordedfuture.com/?__hstc=156209188.a227c06026963e85ae8ce280c8932add.1621298818255.1621298818255.1621298818255.1&__hssc=156209188.1.1621298818255&__hsfp=2736934676
Title: Recorded Future

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1 Page URL
https://go.recordedfuture.com/events/public/v1/track/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1?_ud=163aa78e-1d38-4fdf-b6f9-4f4dcee61618&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://px.ads.linkedin.com/collect/?pid=26800&conversionId=3121601&fmt=gif HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D26800%26conversionId%3D3121601%26fmt%3Dgif%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true&e_ipv6=AQJ1JwOT3oC2MAAAAXl88Kp1UqUHamwMMjXmYGApRNT66TL01X-EHcjUyOWta88mIna3g9Td

147 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDb... Show response
go.recordedfuture.com/e2t/tc/ 9 KB
3 KB 201ms
122ms Document
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99b79d1c94eba72703a1bc2a5b368a25028c6c2a4f2ec0791ff80306238adb95

Request headers

:method: GET
:authority: go.recordedfuture.com
:scheme: https
:path: /e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:55 GMT
content-type: text/html;charset=utf-8
cf-ray: 6511123edce910c5-CPH
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 0a1e89bb46000010c5e7031000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-hubspot-correlation-id: 95316d0c-4195-4d3e-ba33-307e5f61dd4b
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6L%2FmB7ta8le5ZyjryOEbMWc3JmwLCXXlowLodGmPftJcNvM7aZZQNW7P42Q3xXQ%2B7fAzKayxbyXem1C4vOX32REBwZ652%2Fsqf%2F%2BtTaRLP9cr%2F7hvLMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=9ce5b57e54e41e87ddb66bb119d397a2af4dd3ed-1621298815; path=/; domain=.go.recordedfuture.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request / Show response
therecord.media/poc-released-for-wormable-windows-iis-bug/
Redirect Chain

https://go.recordedfuture.com/events/public/v1/track/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W2...
https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2i...

51 KB
13 KB

851ms
826ms

Document
text/html

2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email

Requested by

Host: go.recordedfuture.com
URL: https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7d1a3faaf917a6aadd36b0bc36005b1d2f76550280fe31b60fe93f8694331cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: therecord.media
:scheme: https
:path: /poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1

Response headers

date: Tue, 18 May 2021 00:46:56 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=600
cf-edge-cache: cache,platform=wordpress
link: <https://therecord.media/wp-json/>; rel="https://api.w.org/" <https://therecord.media/wp-json/wp/v2/posts/4064>; rel="alternate"; type="application/json" <https://therecord.media/?p=4064>; rel=shortlink
set-cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc; path=/; secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-pantheon-styx-hostname: styx-fe2-b-d65d59d6b-568bv
x-styx-req-id: 8be31cf8-b772-11eb-ab43-d22b8ecde9c3
x-served-by: cache-mdw17381-MDW, cache-bwi5063-BWI
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1621298817.544115,VS0,VE254
vary: Accept-Encoding, Cookie, Cookie
age: 0
via: 1.1 varnish, 1.1 varnish
cf-cache-status: DYNAMIC
cf-request-id: 0a1e89bc9f00004edf200be000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65111240ff5b4edf-FRA
content-encoding: gzip

Redirect headers

date: Tue, 18 May 2021 00:46:56 GMT
location: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
cf-ray: 6511123fad4110c5-CPH
link: <https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 0a1e89bbc8000010c5bf886000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-hubspot-correlation-id: 90307230-86c3-4678-97a5-da4efef711c0
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Wo4DjxJGqAzqiTKhjmrUTDmfNHfB2Ry4CV8lTGtOp31JUsLeaRPYEFAcA1G1bj%2B4I5PZfuDz%2Byt68EEVdareEfFOunsPC2F2fSbB76YGMnakjcOOYH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 2 KB
644 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400&display=swap&ver=1621289766

Requested by

Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 23:54:30 GMT
server: ESF
date: Tue, 18 May 2021 00:46:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 May 2021 00:46:56 GMT

GET
H2 200 sbi-styles.min.css
therecord.media/wp-content/plugins/instagram-feed/css/ 16 KB
4 KB 16ms
13ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.5.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.5.4
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-sf5c8
x-cache: MISS, HIT
content-length: 3472
cf-request-id: 0a1e89bfe400004edf5cb66000000001
x-served-by: cache-mdw17375-MDW, cache-bwi5068-BWI
last-modified: Fri, 16 Apr 2021 16:08:26 GMT
server: cloudflare
x-timer: S1619154955.174109,VS0,VE1
etag: W/"6079b67a-41cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d5c4edf-FRA
x-styx-req-id: b71b4e65-9f42-11eb-a383-b63712820397
x-cache-hits: 0, 1

GET
H2 200 shared-counts.min.css
therecord.media/wp-content/plugins/shared-counts/assets/css/ 26 KB
4 KB 23ms
21ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/shared-counts/assets/css/shared-counts.min.css?ver=1.3.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5883c6bf2740258844b5842dd9abd83e95cb62019fb0bafdc68f226be50ec9bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/plugins/shared-counts/assets/css/shared-counts.min.css?ver=1.3.0
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-tq8lg
x-cache: MISS, HIT
content-length: 3541
cf-request-id: 0a1e89bfe400004edf5483d000000001
x-served-by: cache-mdw17344-MDW, cache-bwi5057-BWI
last-modified: Fri, 16 Apr 2021 09:46:24 GMT
server: cloudflare
x-timer: S1619154955.189680,VS0,VE1
etag: W/"60795cf0-685e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d5d4edf-FRA
x-styx-req-id: 5c9e462d-9ec2-11eb-a35a-36059c50631c
x-cache-hits: 0, 1

GET
H2 200 style.min.css
therecord.media/wp-includes/css/dist/block-library/ 57 KB
11 KB 24ms
21ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/css/dist/block-library/style.min.css?ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2141963
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-bqkgj
x-cache: MISS, HIT
content-length: 10983
cf-request-id: 0a1e89bfe400004edf2804c000000001
x-served-by: cache-mdw17335-MDW, cache-bwi5036-BWI
last-modified: Wed, 21 Apr 2021 13:54:55 GMT
server: cloudflare
x-timer: S1619156855.750699,VS0,VE1
etag: W/"60802eaf-e358"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d5f4edf-FRA
x-styx-req-id: 63304a1c-a332-11eb-8427-0afe979746e3
x-cache-hits: 0, 1

GET
H2 200 theme.min.css
therecord.media/wp-includes/css/dist/block-library/ 3 KB
1 KB 25ms
22ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/css/dist/block-library/theme.min.css?ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ee638689e343730a82027d03714f274b6c665cf7e3bf60b5208a3a0cdb3581d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/css/dist/block-library/theme.min.css?ver=5.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-cg5nl
x-cache: MISS, HIT
content-length: 820
cf-request-id: 0a1e89bfe600004edf069da000000001
x-served-by: cache-mdw17331-MDW, cache-bwi5083-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619154842.707994,VS0,VE1
etag: W/"6078f1fc-a9a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d614edf-FRA
x-styx-req-id: 5c9d98c5-9ec2-11eb-919a-ba872d4eec77
x-cache-hits: 0, 1

GET
H2 200 my_switcher.css
therecord.media/wp-content/themes/papr/assets/css/ 1 KB
825 B 16ms
13ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/my_switcher.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d7b7c989e40d891aba2f1fd2643bc0c141f07af5bc3f2fd3e8904d5a5570750

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/my_switcher.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
content-length: 584
cf-request-id: 0a1e89bfe500004edf3dbce000000001
x-served-by: cache-mdw17375-MDW, cache-bwi5024-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619154842.723066,VS0,VE1
etag: W/"6078f1fc-52e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d624edf-FRA
x-styx-req-id: 5c9ed60a-9ec2-11eb-81ff-be70de1f414b
x-cache-hits: 0, 1

GET
H2 200 fontawesome-all.min.css
therecord.media/wp-content/themes/papr/assets/css/ 59 KB
14 KB 18ms
15ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a194d83b67af534cc6ed520d864bb551208f62fad994af2a1b1e9259c4baca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-vlnb9
x-cache: MISS, HIT
content-length: 14368
cf-request-id: 0a1e89bfe500004edf3d26f000000001
x-served-by: cache-mdw17354-MDW, cache-bwi5073-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.182320,VS0,VE1
etag: W/"60795cf1-eda4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d634edf-FRA
x-styx-req-id: 5ca348a0-9ec2-11eb-8824-125b7f64732b
x-cache-hits: 0, 1

GET
H2 200 css
fonts.googleapis.com/ 31 KB
1 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%7CRoboto%3A300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900%26display%3Dswap&subset=latin%2Clatin-ext&ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

117e2a91923708b07d59a27a53355a64a439390de0c6967010d99f8447d9d3d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 18 May 2021 00:03:50 GMT
server: ESF
date: Tue, 18 May 2021 00:46:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 May 2021 00:46:57 GMT

GET
H2 200 plyr.css
therecord.media/wp-content/themes/papr/assets/css/ 24 KB
5 KB 16ms
14ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/plyr.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

615634720325377624eb3e7eb0b9c3f7480594a0115b38c3c164a745e6f40132

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/plyr.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
content-length: 5283
cf-request-id: 0a1e89bfe500004edf2b367000000001
x-served-by: cache-mdw17381-MDW, cache-bwi5050-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.190177,VS0,VE1
etag: W/"60795cf1-6135"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d644edf-FRA
x-styx-req-id: 5ca498a0-9ec2-11eb-82e7-4a50bbdae7ad
x-cache-hits: 0, 1

GET
H2 200 iconfont.css
therecord.media/wp-content/themes/papr/assets/css/ 13 KB
3 KB 17ms
14ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/iconfont.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d68a005b62c790914390c7e0597962f0a2ce46a3118dacee8c9ffc496ae78d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/iconfont.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-vlnb9
x-cache: MISS, HIT
content-length: 2694
cf-request-id: 0a1e89bfe500004edf3823d000000001
x-served-by: cache-mdw17375-MDW, cache-bwi5058-BWI
last-modified: Wed, 21 Apr 2021 13:54:54 GMT
server: cloudflare
x-timer: S1619154955.180716,VS0,VE1
etag: W/"60802eae-35e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d664edf-FRA
x-styx-req-id: a02647e3-a35b-11eb-8824-125b7f64732b
x-cache-hits: 0, 1

GET
H2 200 animate.css
therecord.media/wp-content/themes/papr/assets/css/ 87 KB
8 KB 15ms
13ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/animate.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799bf3bfa27a6391a622a80e7389f7a7a0db1a1f21de22411b05d6757ce4d123

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/animate.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
content-length: 7454
cf-request-id: 0a1e89bfe500004edf5b1a6000000001
x-served-by: cache-mdw17327-MDW, cache-bwi5049-BWI
last-modified: Fri, 16 Apr 2021 16:08:28 GMT
server: cloudflare
x-timer: S1619154955.187891,VS0,VE1
etag: W/"6079b67c-15c4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d684edf-FRA
x-styx-req-id: b720a5e3-9f42-11eb-82e7-4a50bbdae7ad
x-cache-hits: 0, 1

GET
H2 200 bootstrap.min.css
therecord.media/wp-content/themes/papr/assets/css/ 150 KB
30 KB 17ms
15ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/bootstrap.min.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2b7173a1423e70e09f4bf05e5e5436c29fc4154ef85f8b481e76288030ff8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/bootstrap.min.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
content-length: 30752
cf-request-id: 0a1e89bfe500004edffe2d9000000001
x-served-by: cache-mdw17381-MDW, cache-bwi5034-BWI
last-modified: Fri, 16 Apr 2021 16:08:28 GMT
server: cloudflare
x-timer: S1619154955.189647,VS0,VE1
etag: W/"6079b67c-25635"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d694edf-FRA
x-styx-req-id: 143574d1-9ed4-11eb-81ff-be70de1f414b
x-cache-hits: 0, 1

GET
H2 200 style.css
therecord.media/wp-content/themes/papr/assets/css/ 335 KB
65 KB 22ms
21ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/style.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f62c06b02b5623cd1e434dd222b1f32ea09649408f625918a1f2c6604e5018d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/style.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-cg5nl
x-cache: MISS, HIT
content-length: 66141
cf-request-id: 0a1e89bfe600004edfefb33000000001
x-served-by: cache-mdw17362-MDW, cache-bwi5034-BWI
last-modified: Fri, 16 Apr 2021 16:08:28 GMT
server: cloudflare
x-timer: S1619154955.193834,VS0,VE0
etag: W/"6079b67c-53d0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d6a4edf-FRA
x-styx-req-id: 14364514-9ed4-11eb-919a-ba872d4eec77
x-cache-hits: 0, 2

GET
H2 200 dark.css
therecord.media/wp-content/themes/papr/assets/css/ 18 KB
3 KB 27ms
25ms Stylesheet
text/css 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/css/dark.css?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27feaf48b317d189270af96f3fd5ba377b44ead58a161d9cb65067860b9fea35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/css/dark.css?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-sf5c8
x-cache: MISS, HIT
content-length: 3266
cf-request-id: 0a1e89bfea00004edf2e2bd000000001
x-served-by: cache-mdw17334-MDW, cache-bwi5048-BWI
last-modified: Fri, 16 Apr 2021 16:08:28 GMT
server: cloudflare
x-timer: S1619154842.708037,VS0,VE1
etag: W/"6079b67c-4819"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112463d6d4edf-FRA
x-styx-req-id: 29af58c7-9ed2-11eb-a383-b63712820397
x-cache-hits: 0, 1

GET
H2 200 jquery.min.js Show response
therecord.media/wp-includes/js/jquery/ 87 KB
35 KB 26ms
25ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
content-length: 36073
cf-request-id: 0a1e89bfeb00004edf11978000000001
x-served-by: cache-mdw17362-MDW, cache-bwi5076-BWI
last-modified: Fri, 16 Apr 2021 02:10:05 GMT
server: cloudflare
x-timer: S1619154842.712813,VS0,VE1
etag: W/"6078f1fd-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112464d7a4edf-FRA
x-styx-req-id: da36cbdc-9ec1-11eb-81ff-be70de1f414b
x-cache-hits: 0, 1

GET
H2 200 jquery-migrate.min.js Show response
therecord.media/wp-includes/js/jquery/ 11 KB
5 KB 22ms
21ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-t75zf
x-cache: MISS, HIT
content-length: 4565
cf-request-id: 0a1e89bfeb00004edff83e3000000001
x-served-by: cache-mdw17369-MDW, cache-bwi5033-BWI
last-modified: Fri, 16 Apr 2021 09:46:26 GMT
server: cloudflare
x-timer: S1619154955.200121,VS0,VE1
etag: W/"60795cf2-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112464d7b4edf-FRA
x-styx-req-id: da38c707-9ec1-11eb-8abe-d21340ba0358
x-cache-hits: 0, 1

GET
H2 200 frontend.js Show response
therecord.media/wp-content/plugins/stop-user-enumeration/frontend/js/ 414 B
494 B 26ms
25ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.25

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1d5efcfedce06258ef9376165421ab41a9e867bc1dee1024093652f01cb020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.25
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: HIT, HIT
content-length: 262
cf-request-id: 0a1e89bfeb00004edf2bac7000000001
x-served-by: cache-mdw17379-MDW, cache-bwi5049-BWI
last-modified: Fri, 16 Apr 2021 09:46:24 GMT
server: cloudflare
x-timer: S1619154955.210112,VS0,VE1
etag: W/"60795cf0-19e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112464d7d4edf-FRA
x-styx-req-id: 5ca0b060-9ec2-11eb-81ff-be70de1f414b
x-cache-hits: 1, 1

GET
H2 200 popper.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 19 KB
8 KB 22ms
21ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/popper.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10c84c9009726b2489264cde13e1c0a3f33b420b153c936c043f17fa12811d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/popper.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-tq8lg
x-cache: MISS, HIT
content-length: 7632
cf-request-id: 0a1e89bfeb00004edffa9bc000000001
x-served-by: cache-mdw17340-MDW, cache-bwi5033-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.212845,VS0,VE1
etag: W/"60795cf1-4b5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112464d7e4edf-FRA
x-styx-req-id: da407eb6-9ec1-11eb-a35a-36059c50631c
x-cache-hits: 0, 1

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 987 B
882 B 496ms
446ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/252628.js
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff567278a3fca3c3bd14feb8fe4e8d502a89af75fd6e3346f060ee57a06c3b73

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 090e60f2-d23a-4497-bb51-2cef1d6d013c
cf-request-id: 0a1e89c06000004e4317b5d000000001
server: cloudflare
x-trace: 2B112606076AAF23B18D9D2F8F17BE53F7598C1A7A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://therecord.media
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 65111246feec4e43-FRA
expires: Tue, 18 May 2021 00:47:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 22ms
17ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-9153858-16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b6dd9f9f395c5e6bad57736b0f842a5f91f080996d8e782e2cb135ed7f0a2907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35636
x-xss-protection: 0
last-modified: Tue, 18 May 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 May 2021 00:46:57 GMT

GET
H2 200 The-Record-logo-horizontal.png
therecord.media/wp-content/uploads/2021/01/ 7 KB
8 KB 38ms
34ms Image
image/png 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/01/The-Record-logo-horizontal.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ed16cc13dbbf0ea3fff2cef7cec717e06bcf8208e5b4776eb2dfc6b4e175a85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2021/01/The-Record-logo-horizontal.png
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-pvs6z
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7570
cf-request-id: 0a1e89c03500004edf6e03c000000001
x-served-by: cache-mdw17321-MDW, cache-bwi5081-BWI
last-modified: Tue, 05 Jan 2021 18:06:09 GMT
server: cloudflare
x-timer: S1619154842.719006,VS0,VE1
etag: "5ff4aa91-1d92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 5d470fd4-9ec2-11eb-8502-ead38c586752
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246be024edf-FRA
x-cache-hits: 0, 1

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 10ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674D) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/674D)
Age: 946
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 freelancer-ad-lg.jpg
therecord.media/wp-content/uploads/2020/10/ 25 KB
25 KB 41ms
36ms Image
image/jpeg 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2020/10/freelancer-ad-lg.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0a68a655403be38865c2364723afd653992aac0866116c4f86bdb9a73022fb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2020/10/freelancer-ad-lg.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2316963
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 25134
cf-request-id: 0a1e89c03500004edf1a05a000000001
x-served-by: cache-mdw17344-MDW, cache-bwi5073-BWI
last-modified: Thu, 01 Oct 2020 18:18:10 GMT
server: cloudflare
x-timer: S1618981854.381084,VS0,VE1
etag: "5f761d62-622e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 143c63b6-9ed4-11eb-82e7-4a50bbdae7ad
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246be034edf-FRA
x-cache-hits: 0, 1

GET
H2 200 the-record-footer-logo.png
therecord.media/wp-content/uploads/2020/07/ 8 KB
9 KB 18ms
14ms Image
image/png 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2020/07/the-record-footer-logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

282c69325f8c89038a525c70d7d791e011934f48da2313abb3911306f087cc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2020/07/the-record-footer-logo.png
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 8689
cf-request-id: 0a1e89c03500004edf200eb000000001
x-served-by: cache-mdw17382-MDW, cache-bwi5022-BWI
last-modified: Wed, 05 Aug 2020 18:26:21 GMT
server: cloudflare
x-timer: S1619154842.707294,VS0,VE1
etag: "5f2af9cd-21f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 5d4960cc-9ec2-11eb-82e7-4a50bbdae7ad
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246be044edf-FRA
x-cache-hits: 0, 1

GET
H2 200 shared-counts.min.js Show response
therecord.media/wp-content/plugins/shared-counts/assets/js/ 2 KB
1 KB 16ms
16ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/plugins/shared-counts/assets/js/shared-counts.min.js?ver=1.3.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79148d3b353f75f4b122ec75e03dd4470a1878599a5f148123f103cfdae350ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/plugins/shared-counts/assets/js/shared-counts.min.js?ver=1.3.0
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
content-length: 961
cf-request-id: 0a1e89c01c00004edffcab6000000001
x-served-by: cache-mdw17336-MDW, cache-bwi5026-BWI
last-modified: Fri, 16 Apr 2021 02:10:03 GMT
server: cloudflare
x-timer: S1619154955.231125,VS0,VE1
etag: W/"6078f1fb-943"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112468dcc4edf-FRA
x-styx-req-id: da9928b5-9ec1-11eb-82e7-4a50bbdae7ad
x-cache-hits: 0, 1

GET
H2 200 bootstrap.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 50 KB
16 KB 15ms
15ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/bootstrap.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5447ba13480eca4513d5e82c4528dd6e9bc2236b4dd0c11bff070315ad1fe38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/bootstrap.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-bqkgj
x-cache: MISS, HIT
content-length: 16204
cf-request-id: 0a1e89c01900004edf09aee000000001
x-served-by: cache-mdw17356-MDW, cache-bwi5074-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619154955.224286,VS0,VE1
etag: W/"6078f1fc-c7cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112468dcf4edf-FRA
x-styx-req-id: da9be434-9ec1-11eb-8427-0afe979746e3
x-cache-hits: 0, 1

GET
H2 200 theia-sticky-sidebar.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 5 KB
2 KB 18ms
12ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/theia-sticky-sidebar.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/theia-sticky-sidebar.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-pvs6z
x-cache: MISS, HIT
content-length: 1955
cf-request-id: 0a1e89c03200004edf3c107000000001
x-served-by: cache-mdw17379-MDW, cache-bwi5028-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.236755,VS0,VE1
etag: W/"60795cf1-1537"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bded4edf-FRA
x-styx-req-id: daa365c6-9ec1-11eb-8502-ead38c586752
x-cache-hits: 0, 1

GET
H2 200 jquery.nav.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 2 KB
1 KB 20ms
14ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/jquery.nav.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fdebf6b7c1ba29dafcb14b5c0880e6547282dbcd95405508fedbd1eff3538f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/jquery.nav.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-tq8lg
x-cache: MISS, HIT
content-length: 1105
cf-request-id: 0a1e89c03200004edfefb37000000001
x-served-by: cache-mdw17371-MDW, cache-bwi5052-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619154842.707042,VS0,VE1
etag: W/"6078f1fc-9ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdef4edf-FRA
x-styx-req-id: daa0f104-9ec1-11eb-a35a-36059c50631c
x-cache-hits: 0, 1

GET
H2 200 jquery.sticky-kit.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 3 KB
2 KB 47ms
41ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/jquery.sticky-kit.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/jquery.sticky-kit.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-vlnb9
x-cache: MISS, HIT
content-length: 1351
cf-request-id: 0a1e89c03200004edf49267000000001
x-served-by: cache-mdw17324-MDW, cache-bwi5067-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.245486,VS0,VE1
etag: W/"60795cf1-af7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf04edf-FRA
x-styx-req-id: daa0b785-9ec1-11eb-8824-125b7f64732b
x-cache-hits: 0, 1

GET
H2 200 plyr.polyfilled.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 178 KB
65 KB 22ms
17ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/plyr.polyfilled.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

259408ba84c511e2ce559b41f9befbcf42240dcc4c38a7fcd3b2042825500ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/plyr.polyfilled.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 1051458
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
content-length: 65788
cf-request-id: 0a1e89c03200004edf1c9e1000000001
x-served-by: cache-mdw17359-MDW, cache-bwi5065-BWI
last-modified: Wed, 05 May 2021 20:09:45 GMT
server: cloudflare
x-timer: S1620247359.422128,VS0,VE2
etag: W/"6092fb89-2c704"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf14edf-FRA
x-styx-req-id: 09e41c6d-adde-11eb-af83-be70de1f414b
x-cache-hits: 0, 1

GET
H2 200 css-vars-ponyfill@2.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 21 KB
8 KB 42ms
36ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/css-vars-ponyfill@2.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5b298070b2cfac1c085a3d3e34c4bc77e95751b0a580278a2af9e257524f771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/css-vars-ponyfill@2.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-pvs6z
x-cache: MISS, MISS
content-length: 7974
cf-request-id: 0a1e89c03300004edf373c1000000001
x-served-by: cache-mdw17362-MDW, cache-bwi5025-BWI
last-modified: Thu, 22 Apr 2021 10:26:41 GMT
server: cloudflare
x-timer: S1619154955.235849,VS0,VE35
etag: W/"60814f61-5229"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf24edf-FRA
x-styx-req-id: faf236da-a3f2-11eb-8502-ead38c586752
x-cache-hits: 0, 0

GET
H2 200 easing-1.3.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 3 KB
1 KB 19ms
13ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/easing-1.3.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a53341f5523f65602a0bd713a64df14bdd29783e1d9c5f077d81be0b9cf6e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/easing-1.3.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
content-length: 923
cf-request-id: 0a1e89c03300004edf06028000000001
x-served-by: cache-mdw17356-MDW, cache-bwi5065-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154842.722172,VS0,VE1
etag: W/"60795cf1-de8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf44edf-FRA
x-styx-req-id: db3b0dec-9ec1-11eb-81ff-be70de1f414b
x-cache-hits: 0, 1

GET
H2 200 jquery.nicescroll.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 59 KB
20 KB 18ms
12ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/jquery.nicescroll.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90416a7cc6359148ba877ac607904a24a0c394efacbcd05f737c6df991b442d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/jquery.nicescroll.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-8hzrq
x-cache: MISS, HIT
content-length: 20135
cf-request-id: 0a1e89c03300004edf421fe000000001
x-served-by: cache-mdw17377-MDW, cache-bwi5059-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154842.715876,VS0,VE1
etag: W/"60795cf1-ea6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf54edf-FRA
x-styx-req-id: db62fb78-9ec1-11eb-8b42-de61b68c4983
x-cache-hits: 0, 1

GET
H2 200 imagesloaded.min.js Show response
therecord.media/wp-includes/js/ 5 KB
2 KB 42ms
36ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/js/imagesloaded.min.js?ver=4.1.4
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-tq8lg
x-cache: HIT, HIT
content-length: 2009
cf-request-id: 0a1e89c03300004edf42a4b000000001
x-served-by: cache-mdw17365-MDW, cache-bwi5063-BWI
last-modified: Fri, 16 Apr 2021 02:10:05 GMT
server: cloudflare
x-timer: S1619154955.233130,VS0,VE1
etag: W/"6078f1fd-15fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf74edf-FRA
x-styx-req-id: db6f6b6d-9ec1-11eb-a35a-36059c50631c
x-cache-hits: 1, 1

GET
H2 200 isotope.pkgd.min.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 40 KB
13 KB 20ms
15ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/isotope.pkgd.min.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57a45007f24b920e1cb59467217fd99f6b7aca9806c31fd2fbdf8ba38df471b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/isotope.pkgd.min.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-bqkgj
x-cache: MISS, HIT
content-length: 13274
cf-request-id: 0a1e89c03300004edf4f882000000001
x-served-by: cache-mdw17370-MDW, cache-bwi5050-BWI
last-modified: Wed, 21 Apr 2021 13:54:55 GMT
server: cloudflare
x-timer: S1619154955.230068,VS0,VE1
etag: W/"60802eaf-9f9a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf84edf-FRA
x-styx-req-id: 63c7eade-a332-11eb-8427-0afe979746e3
x-cache-hits: 0, 1

GET
H2 200 plugins.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 3 KB
1 KB 47ms
41ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/plugins.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9df07cae9221a9eb9b76e0e2e0241700c5fff03d00fe4a0f08c907b463dfd641

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/plugins.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
content-length: 1070
cf-request-id: 0a1e89c03400004edf123c9000000001
x-served-by: cache-mdw17376-MDW, cache-bwi5073-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.233052,VS0,VE1
etag: W/"60795cf1-a4d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdf94edf-FRA
x-styx-req-id: db7d0d84-9ec1-11eb-82e7-4a50bbdae7ad
x-cache-hits: 0, 1

GET
H2 200 js.cookie.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 4 KB
2 KB 21ms
15ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/js.cookie.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7abfcffcbae9a6a8d7b7a2e3ccf5dd58988ede6d7987528e2a097e2063fb0f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/js.cookie.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-tq8lg
x-cache: MISS, HIT
content-length: 1579
cf-request-id: 0a1e89c03400004edf5e9fd000000001
x-served-by: cache-mdw17381-MDW, cache-bwi5066-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619154842.739644,VS0,VE1
etag: W/"6078f1fc-ef9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdfa4edf-FRA
x-styx-req-id: db78b5f0-9ec1-11eb-a35a-36059c50631c
x-cache-hits: 0, 1

GET
H2 200 main.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 21 KB
6 KB 17ms
11ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/main.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ea5256ef9076fd8d3ea0b3939fcf064e197006ed6ed71bb793c852737921439

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/main.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-zgt68
x-cache: MISS, HIT
content-length: 5718
cf-request-id: 0a1e89c03400004edf1197b000000001
x-served-by: cache-mdw17356-MDW, cache-bwi5032-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154842.708449,VS0,VE0
etag: W/"60795cf1-5441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdfd4edf-FRA
x-styx-req-id: db81e675-9ec1-11eb-82e7-4a50bbdae7ad
x-cache-hits: 0, 2

GET
H2 200 jquery.style.switcher.js Show response
therecord.media/wp-content/themes/papr/assets/js/ 12 KB
4 KB 40ms
35ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/js/jquery.style.switcher.js?ver=1.2.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f074d6d6260e8e71fd892ac03bfa5f6810d51ae2b67a3f55f67a95deacff5c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/themes/papr/assets/js/jquery.style.switcher.js?ver=1.2.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-cg5nl
x-cache: MISS, HIT
content-length: 3986
cf-request-id: 0a1e89c03400004edfecae8000000001
x-served-by: cache-mdw17347-MDW, cache-bwi5079-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619154955.233993,VS0,VE1
etag: W/"60795cf1-3023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246bdfe4edf-FRA
x-styx-req-id: db7e8fb8-9ec1-11eb-919a-ba872d4eec77
x-cache-hits: 0, 1

GET
H2 200 wp-embed.min.js Show response
therecord.media/wp-includes/js/ 1 KB
1 KB 46ms
41ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/wp-embed.min.js?ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143862
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-bqkgj
x-cache: MISS, HIT
content-length: 779
cf-request-id: 0a1e89c03500004edf449d5000000001
x-served-by: cache-mdw17376-MDW, cache-bwi5044-BWI
last-modified: Fri, 16 Apr 2021 02:10:05 GMT
server: cloudflare
x-timer: S1619154955.253667,VS0,VE1
etag: W/"6078f1fd-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246be014edf-FRA
x-styx-req-id: dbc1c460-9ec1-11eb-8427-0afe979746e3
x-cache-hits: 0, 1

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=26800&conversionId=3121601&fmt=gif
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D26800%26conversionId%3D3121601%26fmt%3Dgif%26liSync%3Dtrue
https://px.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true
https://px4.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true&e_ipv6=AQJ1JwOT3oC2MAAAAXl88Kp1UqUHamwMMjXmYGApRNT66TL01X-EHcjUyOWta88mIna3g9Td

43 B
166 B

419ms
419ms

Image
image/gif

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true&e_ipv6=AQJ1JwOT3oC2MAAAAXl88Kp1UqUHamwMMjXmYGApRNT66TL01X-EHcjUyOWta88mIna3g9Td
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
server: Play
linkedin-action: 1
vary: Accept-Encoding
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: image/gif
content-length: 65
x-li-uuid: vdn4Uq8CgBbg/+69eisAAA==

Redirect headers

date: Tue, 18 May 2021 00:46:57 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?pid=26800&conversionId=3121601&fmt=gif&liSync=true&e_ipv6=AQJ1JwOT3oC2MAAAAXl88Kp1UqUHamwMMjXmYGApRNT66TL01X-EHcjUyOWta88mIna3g9Td
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: QXOWQ68CgBYwAHBzxyoAAA==

GET
H2 200 wp-emoji-release.min.js Show response
therecord.media/wp-includes/js/ 14 KB
5 KB 38ms
34ms Script
application/x-javascript 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-includes/js/wp-emoji-release.min.js?ver=5.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.7
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2143976
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-sf5c8
x-cache: MISS, HIT
content-length: 5269
cf-request-id: 0a1e89c03600004edf500ad000000001
x-served-by: cache-mdw17351-MDW, cache-bwi5038-BWI
last-modified: Fri, 16 Apr 2021 09:46:26 GMT
server: cloudflare
x-timer: S1619154842.695498,VS0,VE1
etag: W/"60795cf2-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246be054edf-FRA
x-styx-req-id: dbca98d0-9ec1-11eb-a383-b63712820397
x-cache-hits: 0, 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 48ms
2ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23959
x-fb-rlafr: 0
pragma: public
x-fb-debug: A8/WHWZbt1iZOQLKc+6H6Nb9uB/47x+/TwHx+m+z82W4bpJUbhwnBqHzZm04rdkHG++QsX21sbR+B7ZHaGYySw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 18 May 2021 00:46:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 137ms
43ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 2851
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1621298817.194398,VS0,VE0
x-served-by: cache-fra19174-FRA

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 189 KB
55 KB 62ms
12ms Script
application/javascript 2600:9000:2190:1800:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c6896cc2ff0265426475dc3ad4ddc73516fa80ff8440739bf7efcabb1d3be92f

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 11 May 2021 21:14:27 GMT
content-encoding: gzip
last-modified: Sun, 18 Apr 2021 23:19:56 GMT
server: AmazonS3
age: 531151
etag: W/"4cab91962477b7e8b746d923db071ae7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 6H8SSdPaAmLWDA1IYMCwZSQDqfgpGZnmD_EITZ2mbTsJdiK6zpepyA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 86 KB
33 KB 22ms
18ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PVJ5W86

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9304a42699e5984d4023da276789e75184c069999500b97a5c635f60f807c15a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33582
x-xss-protection: 0
last-modified: Tue, 18 May 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 May 2021 00:46:57 GMT

GET
H2 200 Windows-10.png
therecord.media/wp-content/uploads/2021/05/ 42 KB
42 KB 41ms
41ms Image
image/png 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/05/Windows-10.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcff066c4253fe497412f59899a87195193db530ae953ae48eb9942edcca3dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2021/05/Windows-10.png
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 46227
x-pantheon-styx-hostname: styx-fe2-a-576dd86754-swfkk
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 42975
cf-request-id: 0a1e89c03c00004edf2293b000000001
x-served-by: cache-mdw17375-MDW, cache-bwi5020-BWI
last-modified: Mon, 17 May 2021 11:54:10 GMT
server: cloudflare
x-timer: S1621252591.621283,VS0,VE1
etag: "60a25962-a7df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: b1e12217-b706-11eb-8f48-2e705eee618f
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246ce0e4edf-FRA
x-cache-hits: 0, 1

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%7CRoboto%3A300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900%26display%3Dswap&subset=latin%2Clatin-ext&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:12:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 2086
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Wed, 18 May 2022 00:12:11 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 428605
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
H2 200 fa-regular-400.woff2
therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/ 107 KB
108 KB 34ms
32ms Font
font/woff2 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/fa-regular-400.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cc49fc5ded58b415e3f3fd2f07cff4f18da9e1e09602b5085fcd3f0cc85a486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-fetch-mode: cors
origin: https://therecord.media
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
:path: /wp-content/themes/papr/assets/fonts/font-awesome/fa-regular-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: therecord.media
referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://therecord.media
Referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2142621
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 110020
cf-request-id: 0a1e89c03d00004edf2b36c000000001
x-served-by: cache-mdw17361-MDW, cache-bwi5041-BWI
last-modified: Wed, 21 Apr 2021 13:54:57 GMT
server: cloudflare
x-timer: S1619156196.364578,VS0,VE1
etag: "60802eb1-1adc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246ce114edf-FRA
x-styx-req-id: 93da5e9f-a349-11eb-81ff-be70de1f414b
x-cache-hits: 1, 1

GET
H2 200 fa-light-300.woff2
therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/ 115 KB
116 KB 38ms
37ms Font
font/woff2 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/fa-light-300.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fc5ace475076f454c946a32e61011a7b8b0ab6fadfb98a73756906b94a5588d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-fetch-mode: cors
origin: https://therecord.media
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
:path: /wp-content/themes/papr/assets/fonts/font-awesome/fa-light-300.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: therecord.media
referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://therecord.media
Referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2142621
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-pvs6z
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 117936
cf-request-id: 0a1e89c03d00004edf38241000000001
x-served-by: cache-mdw17326-MDW, cache-bwi5030-BWI
last-modified: Wed, 21 Apr 2021 13:54:57 GMT
server: cloudflare
x-timer: S1619156196.367987,VS0,VE1
etag: "60802eb1-1ccb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 65111246ce124edf-FRA
x-styx-req-id: 94b7984e-a349-11eb-8502-ead38c586752
x-cache-hits: 0, 1

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 378688
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:29 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
age: 378685
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:32 GMT

GET
H2 200 pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
9 KB 12ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fe15236efa2c9099b9216ffaf5156f07b4cf03aea8b8ff25a94b514f3773341

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:01:38 GMT
server: sffe
age: 378177
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8700
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:00 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:43:44 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
age: 378193
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Fri, 13 May 2022 15:43:44 GMT

GET
H2 200 rats.jpg
therecord.media/wp-content/uploads/2021/05/ 320 KB
320 KB 15ms
14ms Image
image/jpeg 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/05/rats.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d06dc5ae630d2f114d48b814864af9d7e44dedd85a4218188bfb53f0fcdafc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2021/05/rats.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 54943
x-pantheon-styx-hostname: styx-fe2-a-576dd86754-d4scp
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 327260
cf-request-id: 0a1e89c0be00004edf23228000000001
x-served-by: cache-mdw17360-MDW, cache-bwi5077-BWI
last-modified: Mon, 17 May 2021 09:22:13 GMT
server: cloudflare
x-timer: S1621243874.375239,VS0,VE1
etag: "60a235c5-4fe5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 60448937-b6f2-11eb-802b-16d95c1b4906
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112479f174edf-FRA
x-cache-hits: 0, 1

GET
H2 200 Eufy.jpg
therecord.media/wp-content/uploads/2021/05/ 114 KB
114 KB 20ms
20ms Image
image/jpeg 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://therecord.media/wp-content/uploads/2021/05/Eufy.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31f8e9e3966813743e7db61324821c27a86a66d31a1189bc04e2154d8ba6d98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:path: /wp-content/uploads/2021/05/Eufy.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: therecord.media
referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 23797
x-pantheon-styx-hostname: styx-fe2-b-d65d59d6b-zdbfl
x-cache: MISS, HIT
cf-bgj: h2pri
content-length: 116506
cf-request-id: 0a1e89c0be00004edf09af4000000001
x-served-by: cache-mdw17355-MDW, cache-bwi5046-BWI
last-modified: Mon, 17 May 2021 18:03:26 GMT
server: cloudflare
x-timer: S1621275021.819488,VS0,VE0
etag: "60a2afee-1c71a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: f6379d50-b73a-11eb-85c2-d2b9b30b8f04
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112479f184edf-FRA
x-cache-hits: 0, 2

GET
H2 200 fa-brands-400.woff2
therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/ 64 KB
64 KB 18ms
18ms Font
font/woff2 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/fa-brands-400.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799c126cfbfd39ec8b8d4aae428e39e0b189dfedb025dfbda40fbb385feb2bc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-fetch-mode: cors
origin: https://therecord.media
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
:path: /wp-content/themes/papr/assets/fonts/font-awesome/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: therecord.media
referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://therecord.media
Referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2142621
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-t75zf
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 65384
cf-request-id: 0a1e89c0be00004edf3c10f000000001
x-served-by: cache-mdw17331-MDW, cache-bwi5080-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619156196.369466,VS0,VE1
etag: "6078f1fc-ff68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112479f194edf-FRA
x-styx-req-id: daea7b3e-9ec1-11eb-8abe-d21340ba0358
x-cache-hits: 0, 1

GET
H2 200 fa-solid-900.woff2
therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/ 90 KB
90 KB 12ms
11ms Font
font/woff2 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/fonts/font-awesome/fa-solid-900.woff2

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a238cffffbfea4c2868fca1b142a3a9690574537a38c857dbe309ec27b033eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-fetch-mode: cors
origin: https://therecord.media
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
:path: /wp-content/themes/papr/assets/fonts/font-awesome/fa-solid-900.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: therecord.media
referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://therecord.media
Referer: https://therecord.media/wp-content/themes/papr/assets/css/fontawesome-all.min.css?ver=1.2.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2142621
x-pantheon-styx-hostname: styx-fe2-a-957558ff8-pvs6z
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 91792
cf-request-id: 0a1e89c0be00004edfefb3d000000001
x-served-by: cache-mdw17332-MDW, cache-bwi5082-BWI
last-modified: Fri, 16 Apr 2021 02:10:04 GMT
server: cloudflare
x-timer: S1619156196.367446,VS0,VE0
etag: "6078f1fc-16690"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112479f1b4edf-FRA
x-styx-req-id: 89fb6280-9ec2-11eb-8502-ead38c586752
x-cache-hits: 0, 2

GET
H2 200 feather.woff
therecord.media/wp-content/themes/papr/assets/fonts/ 29 KB
29 KB 19ms
18ms Font
font/woff 2606:4700::6812:721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://therecord.media/wp-content/themes/papr/assets/fonts/feather.woff?t=1525787366991

Requested by

Host: therecord.media
URL: https://therecord.media/wp-content/themes/papr/assets/css/iconfont.css?ver=1.2.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef3c47cb702e040372a3a4bce66d5e0ecc46c56325ec40f8c00b91da0d1d3f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-fetch-mode: cors
origin: https://therecord.media
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: wordpress_google_apps_login=a2cd5c3f75bbf5b88308ae5524c5b7fc
:path: /wp-content/themes/papr/assets/fonts/feather.woff?t=1525787366991
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: therecord.media
referer: https://therecord.media/wp-content/themes/papr/assets/css/iconfont.css?ver=1.2.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://therecord.media
Referer: https://therecord.media/wp-content/themes/papr/assets/css/iconfont.css?ver=1.2.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2142621
x-pantheon-styx-hostname: styx-fe2-b-57d995db58-kcb5s
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 29500
cf-request-id: 0a1e89c0be00004edf0d8a3000000001
x-served-by: cache-mdw17342-MDW, cache-bwi5066-BWI
last-modified: Fri, 16 Apr 2021 09:46:25 GMT
server: cloudflare
x-timer: S1619156196.372660,VS0,VE1
etag: "60795cf1-733c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
expires: Thu, 19 May 2022 00:46:57 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 651112479f1c4edf-FRA
x-styx-req-id: dac7988c-9ec1-11eb-81ff-be70de1f414b
x-cache-hits: 0, 1

GET
H3-29 200 pxiEyp8kv8JHgFVrJJbecmNE.woff2
fonts.gstatic.com/s/poppins/v15/ 39 KB
39 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJbecmNE.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f492372f1ac1ce4caf9876f04e9d463dd300c05d88ef8839e7f64a295d46b592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://therecord.media
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:26 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:01:53 GMT
server: sffe
age: 378151
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39624
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:26 GMT

GET
H2 200 5fcff613fdfb0dbe15ddb3c49d4f54cd
secure.gravatar.com/avatar/ 4 KB
4 KB 9ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=105&d=blank&r=g
Requested by: Host: therecord.media
URL: https://therecord.media/poc-released-for-wormable-windows-iis-bug/?utm_medium=email&_hsmi=127826602&_hsenc=p2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg&utm_content=127826602&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 7ab033d924a13c57cbdff0285e95526d16b83e980cf1fbbb8df85dcebabac0b9

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 18 May 2021 00:46:57 GMT
last-modified: Fri, 05 Mar 2021 15:49:20 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="5fcff613fdfb0dbe15ddb3c49d4f54cd.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/5fcff613fdfb0dbe15ddb3c49d4f54cd?s=105&d=blank&r=g>; rel="canonical"
content-length: 3830
expires: Tue, 18 May 2021 00:51:57 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 9C45 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Ftherecord.media
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://therecord.media/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://therecord.media/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 355160
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 18 May 2021 00:46:57 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 1f631.svg
s.w.org/images/core/emoji/13.0.1/svg/ 2 KB
988 B 123ms
40ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f631.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

c050671286ff22d29215d2ecf081a85337b164bdc007e6d342b47f39ef11a339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:31 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f486-1f3fb-200d-2642-fe0f.svg
s.w.org/images/core/emoji/13.0.1/svg/ 3 KB
936 B 123ms
40ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f486-1f3fb-200d-2642-fe0f.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

3148d6f31758ea6c9a845310897e70f05595108097759f6992cb416021a93a6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f525.svg
s.w.org/images/core/emoji/13.0.1/svg/ 822 B
520 B 123ms
40ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f525.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

4fa646a4dbc10513ddeb70561789483638faf456e15186f4eb7291c5c455cbb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 781647205981775 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 14ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/781647205981775?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ebda42e9095078fad27fb85df9ab2ee552916dc05ad5ec4858c2bb435e483a96

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74072
x-fb-rlafr: 0
pragma: public
x-fb-debug: uenGpCE9aDJw8UXVFCVSKK8FnJJoKSAWFKoEPWT9uZjfIySPeKAVXsoLW7HSsQhQ3LFYPumy9Z88bl2Bl1koXg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 18 May 2021 00:46:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H/1.1 204
No Response matomo.php
recordedfuture.matomo.cloud/ 0
246 B 241ms
72ms Ping
text/plain 18.196.53.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=therecord.media%2FPoC%20released%20for%20wormable%20Windows%20IIS%20bug%20%7C%20The%20Record%20by%20Recorded%20Future&idsite=2&rec=1&r=998731&h=2&m=46&s=57&url=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email&_id=aebad43622381e5f&_idn=1&_rcn=hs_email&_refts=1621298817&send_image=0&cookie=1&res=1600x1200&pv_id=PFALfT&fa_pv=1&fa_fp[0][fa_vid]=5jERI4&fa_fp[0][fa_id]=search&fa_fp[0][fa_fv]=1&pf_net=24.639997631311417&pf_srv=826.054997742176&pf_tfr=0.8300021290779114
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.53.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-53-208.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

Access-Control-Allow-Origin: https://therecord.media
Date: Tue, 18 May 2021 00:46:57 GMT
Access-Control-Allow-Credentials: true
Server: Apache
Vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 15 KB
7 KB 144ms
47ms Script
application/javascript 23.79.145.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: go.recordedfuture.com
URL: https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.145.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-145-42.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7f072dbb779b20cea6866f3f8d398af9cafe418e7e038aa0702feddf741f040c

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 06:46:48 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6018f558-3ab9"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6144

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4621
date: Mon, 17 May 2021 23:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Tue, 18 May 2021 01:29:56 GMT

GET
H/1.1 200
OK configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
360 B 168ms
53ms Script
application/javascript 18.196.53.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=2&trackerid=RJspRh&url=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.53.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-53-208.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 00d204ce3099149a22353e67223c9529ab04c0da23e4df8b8b08a93d5f98008d

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Server: Apache
Content-Length: 118
Vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
Content-Type: application/javascript

GET
H2 200 adsct
t.co/i/ 43 B
454 B 267ms
163ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:57 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 77f1c5ab877c9e861e0a90735f394c205829d3f7ace03aca7e902c290bf5b734
x-transaction: 44403c93ba32678c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 9C45 256 B
442 B 271ms
164ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=c997c9e1c51724f126032ee273d4f0cabcebf2f5

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Ftherecord.media

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: gzip
last-modified: Tue, 18 May 2021 00:46:57 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
content-length: 176

GET
H3-29 200 347498706286814 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/347498706286814?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

64d255f57fcb051e9f2ce34c110d8a33da1fb3362b5c6647527eda24ea323005

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74027
x-fb-rlafr: 0
pragma: public
x-fb-debug: PugfDLU7g2k1ghJvFQrlH/lRq91F9m1xrOlzw9NbltGRQPjwVs9ys426yzZBVxo4ssBlXX+6YHpXNIrPYyA1XA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 18 May 2021 00:46:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=781647205981775&ev=PageView&dl=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email&rl=&if=false&ts=1621298817416&sw=1600&sh=1200&v=2.9.39&r=stable&ec=0&o=30&fbp=fb.1.1621298817415.1570928582&it=1621298817335&coo=false&exp=l1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 18 May 2021 00:46:57 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1878120455&t=pageview&_s=1&dl=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=PoC%20released%20for%20wormable%20Windows%20IIS%20bug%20%7C%20The%20Record%20by%20Recorded%20Future&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=8421243&gjid=185691849&cid=823716375.1621298817&tid=UA-9153858-16&_gid=1525750536.1621298817&_r=1&gtm=2ou5c1&z=2091131839

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 18 May 2021 00:46:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://therecord.media
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=347498706286814&ev=PageView&dl=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email&rl=&if=false&ts=1621298817445&sw=1600&sh=1200&v=2.9.39&r=stable&ec=0&o=30&fbp=fb.1.1621298817415.1570928582&it=1621298817335&coo=false&exp=l1&rqm=GET

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Tue, 18 May 2021 00:46:57 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 137ms
45ms XHR
text/plain 23.79.145.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.145.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-145-42.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fc98a0af3b383a9e6440e3fcd2750f662de7dfebd40b558607c6c5916751074a

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://therecord.media
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
710 B 139ms
47ms XHR
application/json 185.33.220.241
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 May 2021 00:46:57 GMT
X-Proxy-Origin: 37.120.194.228; 37.120.194.228; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.138:80
AN-X-Request-Uuid: b6bb4431-4a20-403e-887f-a3b2be0cd8a8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://therecord.media
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 252628.js Show response
js.hs-banner.com/ 60 KB
15 KB 35ms
19ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40a89043951076b9f32488d5cafd64711df1e623e2123ba0ffd14899de55306c

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: br
cf-cache-status: HIT
age: 27
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: K185BA3QQNK8EBCD
x-amz-id-2: aRU2YJfX3Z0xaL6B+rEQEjJFHI5NjU3Z2pqcxyfpjGRcDUaghXqa6zKpy2FNq7+AC1cEoYHFzVY=
timing-allow-origin: *
last-modified: Wed, 12 May 2021 18:54:36 GMT
server: cloudflare
etag: W/"9955f9ead941290c90d89e6adbee9fba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: 719cpcKwQtpvtW6qfmqcj6xaJQ_zU6Vv
access-control-allow-origin: https://therecord.media
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-request-id: 0a1e89c23100004db87cafb000000001
cf-ray: 65111249ecc34db8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 18 May 2021 00:51:30 GMT

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1621298700000/ 63 KB
19 KB 31ms
14ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1621298700000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fd9ef4e5f96881b0e06393b01a1be3d5bc305fcd5db934f11cbf624f597a59a

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:57 GMT
content-encoding: br
cf-cache-status: HIT
age: 55
x-amz-server-side-encryption: AES256
x-amz-request-id: 4ZWV85G2R8H7V7AC
x-amz-id-2: P1U9zqP+w+bXpMvoMS5TzDvRO7RvizS3rfAau5C9s41UaarcJeYjGg0dPDrdrQKMx/Cnm6PnLC8=
last-modified: Wed, 12 May 2021 18:57:36 GMT
server: cloudflare
etag: W/"8b75207fa99f9374d95a48051c8d7d92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-request-id: 0a1e89c23100004ec72a2ca000000001
cf-ray: 65111249e9aa4ec7-FRA
expires: Tue, 18 May 2021 00:51:02 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 368ms
264ms Image
image/gif 23.79.145.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=ec641102f6430000810ea360f30100008ea11100&visitor=40df96cf-5bb7-4932-8305-2507a6d472c7&session=62b79605-886e-4cf6-868b-3d09ffda9b6c&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22A%20security%20researcher%20has%20published%20over%20the%20weekend%20proof-of-concept%20exploit%20code%20for%20a%20wormable%20Windows%20IIS%20server%20vulnerability.%20Tracked%20as%20CVE-2021-31166%2C%20the%20vulnerability%20was%20discovered%20internally%20by%20Microsoft%27s%20staff%20and%20patched%20last%20week%20in%20the%20May%202021%20Patch%20Tuesday.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PoC%20released%20for%20wormable%20Windows%20IIS%20bug%20%7C%20The%20Record%20by%20Recorded%20Future%22%7D&cb=98817662&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.79.145.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-79-145-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:58 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:51:25 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e5026ad-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK horizon_tweet.2bd42981e3af03ce9186a5655508da28.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.2bd42981e3af03ce9186a5655508da28.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/669E)
Age: 355161
Etag: "43544c32afe87494042045e40e7b3213+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2436

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 5513 487 B
971 B 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 6a76f4bba8f5f4895c3aa44d243a16e8b3ae0d9b53a2cefa06b10480c5df6575

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://therecord.media/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://therecord.media/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 920
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Tue, 18 May 2021 00:46:57 GMT
Etag: "269cf10e2a7312e6a00f34db0a9547f0"
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6724)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame A656 487 B
971 B 12ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 6a76f4bba8f5f4895c3aa44d243a16e8b3ae0d9b53a2cefa06b10480c5df6575

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://therecord.media/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://therecord.media/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 920
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Tue, 18 May 2021 00:46:57 GMT
Etag: "269cf10e2a7312e6a00f34db0a9547f0"
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6724)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 4DC0 487 B
971 B 18ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 6a76f4bba8f5f4895c3aa44d243a16e8b3ae0d9b53a2cefa06b10480c5df6575

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://therecord.media/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://therecord.media/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 920
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Tue, 18 May 2021 00:46:57 GMT
Etag: "269cf10e2a7312e6a00f34db0a9547f0"
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6724)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK embed.runtime.e903d38956688915ba03.js Show response
platform.twitter.com/embed/ Frame 5513 8 KB
4 KB 16ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 7b5a69f728a7160605b396d9e4411856db9e4d9bbcd4b830cd946da9aee455af

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6713)
Age: 355161
Etag: "327f4c83fe34cb71a7f1d17e1ecff998+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3500

GET
H/1.1 200
OK embed.modules.ff962fc355c6a950595b.js Show response
platform.twitter.com/embed/ Frame 5513 501 KB
160 KB 17ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6772) /
Resource Hash: 7519e61aea4f2c775a819496a69370040c9fdbf229fd19e5be139e79be481a23

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6772)
Age: 355160
Etag: "a66126f3a79b85f4c0c4507611cea855+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163501

GET
H/1.1 200
OK embed.i18n.7474183ca0815ae94d99.js Show response
platform.twitter.com/embed/ Frame 5513 146 B
651 B 17ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.7474183ca0815ae94d99.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: db75b790206a2694094f8cae3da3176a7086f929e4f41c3fafe6e07490dc4a87

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67DF)
Age: 355161
Etag: "e6c6cbe873374a156f56ded129f56d5f"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.1f1e232812574df49967.js Show response
platform.twitter.com/embed/ Frame 5513 15 KB
6 KB 23ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.1f1e232812574df49967.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669F) /
Resource Hash: ce609a18ff66b8f8d0318be227f176f99e3de7ee383253b1b4e9a1caa230afac

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/669F)
Age: 355161
Etag: "fbf967b3f220fece471a4e4129f0cc4f+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5558

GET
H/1.1 200
OK embed.runtime.e903d38956688915ba03.js Show response
platform.twitter.com/embed/ Frame A656 8 KB
4 KB 18ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 7b5a69f728a7160605b396d9e4411856db9e4d9bbcd4b830cd946da9aee455af

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6713)
Age: 355161
Etag: "327f4c83fe34cb71a7f1d17e1ecff998+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3500

GET
H/1.1 200
OK embed.modules.ff962fc355c6a950595b.js Show response
platform.twitter.com/embed/ Frame A656 501 KB
160 KB 19ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6772) /
Resource Hash: 7519e61aea4f2c775a819496a69370040c9fdbf229fd19e5be139e79be481a23

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6772)
Age: 355160
Etag: "a66126f3a79b85f4c0c4507611cea855+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163501

GET
H/1.1 200
OK embed.i18n.7474183ca0815ae94d99.js Show response
platform.twitter.com/embed/ Frame A656 146 B
651 B 18ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.7474183ca0815ae94d99.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: db75b790206a2694094f8cae3da3176a7086f929e4f41c3fafe6e07490dc4a87

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67DF)
Age: 355161
Etag: "e6c6cbe873374a156f56ded129f56d5f"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.1f1e232812574df49967.js Show response
platform.twitter.com/embed/ Frame A656 15 KB
6 KB 18ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.1f1e232812574df49967.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669F) /
Resource Hash: ce609a18ff66b8f8d0318be227f176f99e3de7ee383253b1b4e9a1caa230afac

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/669F)
Age: 355161
Etag: "fbf967b3f220fece471a4e4129f0cc4f+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5558

GET
H/1.1 200
OK embed.runtime.e903d38956688915ba03.js Show response
platform.twitter.com/embed/ Frame 4DC0 8 KB
4 KB 17ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 7b5a69f728a7160605b396d9e4411856db9e4d9bbcd4b830cd946da9aee455af

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6713)
Age: 355161
Etag: "327f4c83fe34cb71a7f1d17e1ecff998+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3500

GET
H/1.1 200
OK embed.modules.ff962fc355c6a950595b.js Show response
platform.twitter.com/embed/ Frame 4DC0 501 KB
160 KB 22ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6772) /
Resource Hash: 7519e61aea4f2c775a819496a69370040c9fdbf229fd19e5be139e79be481a23

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/6772)
Age: 355160
Etag: "a66126f3a79b85f4c0c4507611cea855+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163501

GET
H/1.1 200
OK embed.i18n.7474183ca0815ae94d99.js Show response
platform.twitter.com/embed/ Frame 4DC0 146 B
651 B 22ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.7474183ca0815ae94d99.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: db75b790206a2694094f8cae3da3176a7086f929e4f41c3fafe6e07490dc4a87

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67DF)
Age: 355161
Etag: "e6c6cbe873374a156f56ded129f56d5f"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.1f1e232812574df49967.js Show response
platform.twitter.com/embed/ Frame 4DC0 15 KB
6 KB 23ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.1f1e232812574df49967.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669F) /
Resource Hash: ce609a18ff66b8f8d0318be227f176f99e3de7ee383253b1b4e9a1caa230afac

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/669F)
Age: 355161
Etag: "fbf967b3f220fece471a4e4129f0cc4f+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5558

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js Show response
platform.twitter.com/embed/ Frame 5513 21 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: d309618347368b498f6cd50c4110fbaaafafed5ba9fd992ff1bbcf45df8a0b2d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/6763)
Age: 355161
Etag: "38647a0ff28c7b912391b716ba0f8c16+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7047

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js Show response
platform.twitter.com/embed/ Frame 5513 4 KB
2 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: e0cdcd18df62db5dab7fc26e2f03e5835191e4015f30c7b27783c49c9023273e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "616b7fcc3d03d63c086daa26449f6e1c+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1631

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js Show response
platform.twitter.com/embed/ Frame A656 21 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: d309618347368b498f6cd50c4110fbaaafafed5ba9fd992ff1bbcf45df8a0b2d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/6763)
Age: 355161
Etag: "38647a0ff28c7b912391b716ba0f8c16+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7047

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js Show response
platform.twitter.com/embed/ Frame A656 4 KB
2 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: e0cdcd18df62db5dab7fc26e2f03e5835191e4015f30c7b27783c49c9023273e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "616b7fcc3d03d63c086daa26449f6e1c+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1631

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js Show response
platform.twitter.com/embed/ Frame 4DC0 21 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.1b1ac18d747389819c25.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: d309618347368b498f6cd50c4110fbaaafafed5ba9fd992ff1bbcf45df8a0b2d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/6763)
Age: 355161
Etag: "38647a0ff28c7b912391b716ba0f8c16+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7047

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js Show response
platform.twitter.com/embed/ Frame 4DC0 4 KB
2 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.cb63759befa0dfd78a30.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: e0cdcd18df62db5dab7fc26e2f03e5835191e4015f30c7b27783c49c9023273e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "616b7fcc3d03d63c086daa26449f6e1c+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1631

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js Show response
platform.twitter.com/embed/ Frame 5513 8 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: 2e84aaf06139c7610a7c716bb9fd310dea3e427aa77c678719f34b8d14d569ef

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67A7)
Age: 355161
Etag: "d35adddaf762aff633594466ee574ed5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2872

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js Show response
platform.twitter.com/embed/ Frame 5513 50 KB
15 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 8a533b2f001d4d30d190e2cbf285dc6ca675eb533976ac5f22f165ba24fce6bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "ad23ef62af2a45b4d83cc9a361ec2bfb+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14567

GET
H/1.1 200
OK embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js Show response
platform.twitter.com/embed/ Frame 5513 25 KB
9 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: f061c6836f4de43ab0b492cce4b4a22af4ea18b03c195343cbb447ebb2b167f7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/67C1)
Age: 355161
Etag: "bd7d724b5ac47ef77222a8eb6b034c62+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8215

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js Show response
platform.twitter.com/embed/ Frame 5513 52 KB
15 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/673A) /
Resource Hash: 23da523a0ffff334fe2ed33b683579bc44b55c457ab79e4934a1873c7e5e0541

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/673A)
Age: 355161
Etag: "75f6870caaa381ebd7edd1fc5b3e57b9+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14477

GET
H/1.1 200
OK embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js Show response
platform.twitter.com/embed/ Frame 5513 58 KB
14 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: acc146648ca4f22a5e4083944c3eb3962982ac57cb5043ee75b78edaa987d1ff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393330628708417538&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/669E)
Age: 355160
Etag: "286fa669ad82b8498fb87084901ca093+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 13932

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js Show response
platform.twitter.com/embed/ Frame A656 8 KB
3 KB 8ms
8ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: 2e84aaf06139c7610a7c716bb9fd310dea3e427aa77c678719f34b8d14d569ef

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67A7)
Age: 355161
Etag: "d35adddaf762aff633594466ee574ed5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2872

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js Show response
platform.twitter.com/embed/ Frame A656 50 KB
15 KB 12ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 8a533b2f001d4d30d190e2cbf285dc6ca675eb533976ac5f22f165ba24fce6bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "ad23ef62af2a45b4d83cc9a361ec2bfb+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14567

GET
H/1.1 200
OK embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js Show response
platform.twitter.com/embed/ Frame A656 25 KB
9 KB 12ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: f061c6836f4de43ab0b492cce4b4a22af4ea18b03c195343cbb447ebb2b167f7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/67C1)
Age: 355161
Etag: "bd7d724b5ac47ef77222a8eb6b034c62+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8215

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js Show response
platform.twitter.com/embed/ Frame A656 52 KB
15 KB 13ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/673A) /
Resource Hash: 23da523a0ffff334fe2ed33b683579bc44b55c457ab79e4934a1873c7e5e0541

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/673A)
Age: 355161
Etag: "75f6870caaa381ebd7edd1fc5b3e57b9+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14477

GET
H/1.1 200
OK embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js Show response
platform.twitter.com/embed/ Frame A656 58 KB
14 KB 13ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: acc146648ca4f22a5e4083944c3eb3962982ac57cb5043ee75b78edaa987d1ff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1392211087601410054&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/669E)
Age: 355160
Etag: "286fa669ad82b8498fb87084901ca093+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 13932

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js Show response
platform.twitter.com/embed/ Frame 4DC0 8 KB
3 KB 12ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.a5abf0628fba95cb8815.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: 2e84aaf06139c7610a7c716bb9fd310dea3e427aa77c678719f34b8d14d569ef

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67A7)
Age: 355161
Etag: "d35adddaf762aff633594466ee574ed5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2872

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js Show response
platform.twitter.com/embed/ Frame 4DC0 50 KB
15 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.Tweet.bc5c84d1d066f0f68a3e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 8a533b2f001d4d30d190e2cbf285dc6ca675eb533976ac5f22f165ba24fce6bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/674C)
Age: 355161
Etag: "ad23ef62af2a45b4d83cc9a361ec2bfb+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14567

GET
H/1.1 200
OK embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js Show response
platform.twitter.com/embed/ Frame 4DC0 25 KB
9 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loader.UserAvatar~ondemand.Tweet.a1f0e159954fc47fc771.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: f061c6836f4de43ab0b492cce4b4a22af4ea18b03c195343cbb447ebb2b167f7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/67C1)
Age: 355161
Etag: "bd7d724b5ac47ef77222a8eb6b034c62+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8215

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js Show response
platform.twitter.com/embed/ Frame 4DC0 52 KB
15 KB 11ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.aa2683674807aadbdc67.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/673A) /
Resource Hash: 23da523a0ffff334fe2ed33b683579bc44b55c457ab79e4934a1873c7e5e0541

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/673A)
Age: 355161
Etag: "75f6870caaa381ebd7edd1fc5b3e57b9+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14477

GET
H/1.1 200
OK embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js Show response
platform.twitter.com/embed/ Frame 4DC0 58 KB
14 KB 12ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.8cdfb8847ece18c4acd4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: acc146648ca4f22a5e4083944c3eb3962982ac57cb5043ee75b78edaa987d1ff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:57 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/669E)
Age: 355160
Etag: "286fa669ad82b8498fb87084901ca093+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 13932

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 5513 2 KB
1 KB 38ms
17ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_tweet_embed_clickability_12102%3Acontrol&id=1393330628708417538&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lcy/1D27) / Express

Resource Hash

4c4c6e5c1a5adc12e909b66adf2c4e5b409b96330c1cbb7b38bc073eca47dbdf

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"6a1-2PsdFIMFzIMJZqP8ggnNbbeLGyA"
age: 34
x-powered-by: Express
x-cache: HIT
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 817
x-xss-protection: 0
last-modified: Tue, 18 May 2021 00:46:23 GMT
server: ECS (lcy/1D27)
x-frame-options: SAMEORIGIN
date: Tue, 18 May 2021 00:46:57 GMT
vary: Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: c5cd77c39c35a3b7ee077094ae8d81763cd952b99940f68478ab1abb4f018f51
accept-ranges: bytes
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame A656 943 B
772 B 27ms
18ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lcy/1D42) / Express

Resource Hash

6fe24a6eeaa200510dc512c5fc4f0d50f3f0e9f5fae988f92639d9e786e11872

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"3af-/BjvKQhLt03ub0zajTfjYZ6V2j8"
age: 34
x-powered-by: Express
x-cache: HIT
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 622
x-xss-protection: 0
x-response-time: 153
last-modified: Tue, 18 May 2021 00:45:11 GMT
server: ECS (lcy/1D42)
x-frame-options: SAMEORIGIN
date: Tue, 18 May 2021 00:46:57 GMT
vary: Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: a4ce9f84b0dd9c3b6fde68810702ffb8
accept-ranges: bytes
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 4DC0 1 KB
860 B 26ms
18ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lcy/1D6A) / Express

Resource Hash

565a731052a5f4c60c202f2d0dc81033f0d16de579ceae34efee2716d3a34438

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"533-y4S/haT7u4oWItvIym7DluZFizk"
age: 34
x-powered-by: Express
x-cache: HIT
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 721
x-xss-protection: 0
x-response-time: 146
last-modified: Tue, 18 May 2021 00:46:23 GMT
server: ECS (lcy/1D6A)
x-frame-options: SAMEORIGIN
date: Tue, 18 May 2021 00:46:57 GMT
vary: Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 380fa609b6819db35587cf15dedd7359
accept-ranges: bytes
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5PBLMO5saun50wRw

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 18 May 2021 00:46:57 GMT
content-type: text/plain
access-control-allow-origin: https://therecord.media
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 jot
syndication.twitter.com/i/ Frame 5513 43 B
375 B 162ms
162ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298817988%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221393330628708417538%22%5D%2C%22item_details%22%3A%7B%221393330628708417538%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: d972d1cf5933eac7
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK embed.vendors~ondemand.TweetVideo.3c032c04b56c9f7a86e6.js Show response
platform.twitter.com/embed/ Frame 4DC0 178 KB
47 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TweetVideo.3c032c04b56c9f7a86e6.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: 45a87095cd83714673208e7b8b1aafdadfa4ef4898044dea56135d9faba6aa64

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67C2)
Age: 355161
Etag: "13721ed6bbf5be70832283d0a1d5108e+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 47445

GET
H/1.1 200
OK embed.ondemand.TweetVideo.6ad139cbd5678dcb33e7.js Show response
platform.twitter.com/embed/ Frame 4DC0 2 KB
1 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.TweetVideo.6ad139cbd5678dcb33e7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: 722120b3a4b0aa8f8c03765a247157fe356f12e1899bbc2acb3362485b0935bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:46 GMT
Server: ECS (frb/67F2)
Age: 355162
Etag: "20a4910316176b419b4ec266300204b0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 916

GET
H2 200 jot
syndication.twitter.com/i/ Frame 4DC0 43 B
118 B 174ms
174ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298818023%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-2%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221393970836302811138%22%5D%2C%22item_details%22%3A%7B%221393970836302811138%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: e0039cc6fae0f7d6
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame A656 43 B
118 B 172ms
172ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298818086%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221392211087601410054%22%5D%2C%22item_details%22%3A%7B%221392211087601410054%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: 8d03f509d16a4376
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1f631.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 5513 2 KB
1 KB 100ms
31ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f631.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c050671286ff22d29215d2ecf081a85337b164bdc007e6d342b47f39ef11a339

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
timing-server-allow: https://twitter.com;https:///mobile.twitter.com
server-timing: x-cache;desc=HIT, HIT, x-tw-cdn;desc=FT
content-length: 788
x-served-by: cache-atl6226-ATL, cache-cph20651-CPH
last-modified: Wed, 21 Feb 2018 22:31:09 GMT
etag: "gRlamEekWay7K2gKcDV3KA=="
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
tw-cdn: FT
date: Tue, 18 May 2021 00:46:58 GMT
expires: Wed, 22 Jan 2020 12:46:41 GMT

GET
H2 200 1f486-1f3fb-200d-2642-fe0f.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 5513 3 KB
1 KB 101ms
32ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f486-1f3fb-200d-2642-fe0f.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3148d6f31758ea6c9a845310897e70f05595108097759f6992cb416021a93a6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
timing-server-allow: https://twitter.com;https:///mobile.twitter.com
server-timing: x-cache;desc=HIT, HIT, x-tw-cdn;desc=FT
content-length: 889
x-served-by: cache-fty21358-FTY, cache-cph20651-CPH
last-modified: Wed, 21 Feb 2018 22:31:03 GMT
etag: "dw3GmzbeLpeezxNuFy6vcg=="
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
date: Tue, 18 May 2021 00:46:58 GMT
expires: Thu, 03 Mar 2022 11:46:14 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 69ms
69ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryGuOhMHY7LJ2wY6IA

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 18 May 2021 00:46:58 GMT
content-type: text/plain
access-control-allow-origin: https://therecord.media
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 1f525.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 4DC0 822 B
637 B 93ms
31ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f525.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4fa646a4dbc10513ddeb70561789483638faf456e15186f4eb7291c5c455cbb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
timing-server-allow: https://twitter.com;https:///mobile.twitter.com
server-timing: x-cache;desc=HIT, HIT, x-tw-cdn;desc=FT
content-length: 496
x-served-by: cache-fty21345-FTY, cache-cph20651-CPH
last-modified: Wed, 21 Feb 2018 22:31:06 GMT
etag: "ZwaaE+AGNFzijsxYHy7RYg=="
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
date: Tue, 18 May 2021 00:46:58 GMT
expires: Thu, 26 Aug 2021 17:28:22 GMT

GET
H2 200 YAMtIV_2_normal.jpg
pbs.twimg.com/profile_images/1326466985258086405/ Frame 5513 2 KB
2 KB 9ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1326466985258086405/YAMtIV_2_normal.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6724) /

Resource Hash

96b98029e7f5f6da84f1a964d9ba759af3a7f6c94c5459807f37aee40f1230d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 587799
x-cache: HIT
content-length: 1807
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/2 profile_images/1326466985258086405
last-modified: Wed, 11 Nov 2020 10:07:08 GMT
server: ECS (frb/6724)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f8a12ba76c90c0e6402ba9978aedca79f9a26fdcd94a48ca8e5012a03f366b3b
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 E1Ya0i3XIAAr9RM
pbs.twimg.com/media/ Frame 5513 17 KB
17 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/E1Ya0i3XIAAr9RM?format=jpg&name=360x360

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6793) /

Resource Hash

d2487430c6774a4281f18f4b59a3e3211be1e62fbc717721bea809cb5e3ffb97

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 267930
x-cache: HIT
content-length: 17114
surrogate-key: media media/bucket/9 media/1393330624732274688
last-modified: Fri, 14 May 2021 22:19:22 GMT
server: ECS (frb/6793)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7c003b9540d4bd029de000937eea5828589e2d47c7509b7015882f3d8293c4ab
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 E1Ya0ivWYAg0ayM
pbs.twimg.com/media/ Frame 5513 20 KB
20 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/E1Ya0ivWYAg0ayM?format=jpg&name=360x360

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6731) /

Resource Hash

258b127e4eb9e53b133dfb338b4427092f9bbb3a7168a225201fd701c753dc14

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 267930
x-cache: HIT
content-length: 20465
surrogate-key: media media/bucket/1 media/1393330624698671112
last-modified: Fri, 14 May 2021 22:19:22 GMT
server: ECS (frb/6731)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 589d9997db333d4b2222aa126c8a4c7b67c55b6df0e6e82504253f57e5dd21a4
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 G9mVbzoN_normal.png
pbs.twimg.com/profile_images/1248777897617195008/ Frame 4DC0 6 KB
6 KB 6ms
6ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1248777897617195008/G9mVbzoN_normal.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6727) /

Resource Hash

eb9315f962903cb24ab239dcdae975290ddcf3a6c74292bfc2ac207a91a7cd5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 109900
x-cache: HIT
content-length: 6063
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/9 profile_images/1248777897617195008
last-modified: Sat, 11 Apr 2020 00:58:26 GMT
server: ECS (frb/6727)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c5ade57c2f4d174f220248f47a809a7b5df374ad116542a3df6575ef54fe0675
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 cRr36VVW_normal.jpg
pbs.twimg.com/profile_images/1384772727123349505/ Frame A656 2 KB
2 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1384772727123349505/cRr36VVW_normal.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67F2) /

Resource Hash

88f3ef61bab8f818fe354512e8f02d6052c53ee4cb954a824ffcd43a1ca9b970

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 493856
x-cache: HIT
content-length: 2263
x-response-time: 117
surrogate-key: profile_images profile_images/bucket/6 profile_images/1384772727123349505
last-modified: Wed, 21 Apr 2021 07:33:20 GMT
server: ECS (frb/67F2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3f20102e94469b9c9754cd178fd8d29b0f1569a860a38ef9ad75b7e83d26f431
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK embed.vendors~loaders.video.VideoPlayerDefaultUI.9b7027d000c21593bcd8.js Show response
platform.twitter.com/embed/ Frame 4DC0 132 KB
32 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~loaders.video.VideoPlayerDefaultUI.9b7027d000c21593bcd8.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e903d38956688915ba03.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67AA) /
Resource Hash: 6d5adcbf950fefdb94dc0bc4becc0c6204a6fec560adb3665b803b2124c9476e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=campuscodi&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1393970836302811138&lang=en&origin=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&sessionId=c997c9e1c51724f126032ee273d4f0cabcebf2f5&siteScreenName=TheRecord_Media&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 00:46:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 20:52:47 GMT
Server: ECS (frb/67AA)
Age: 355161
Etag: "a06f590c1e94adff87f0d2a13aad449c+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 32011

GET
H2 200 E1hhFO_VcAIYdpS.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 4DC0 111 KB
111 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/E1hhFO_VcAIYdpS.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BA) /

Resource Hash

5ea079e618336d0992da0cdc0497b4a697215879d7a207697080c90225acce15

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 115294
x-cache: HIT
content-length: 113717
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/0 tweet_video_thumb/1393970827222151170
last-modified: Sun, 16 May 2021 16:43:18 GMT
server: ECS (frb/67BA)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ad76f10db4aada4b51e06cc88e9605ee86180bbca6d8ec6d28abbb30bff3cf0c
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 jot
syndication.twitter.com/i/ Frame 4DC0 43 B
117 B 161ms
160ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298818181%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-2%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221393970836302811138%22%5D%2C%22item_details%22%3A%7B%221393970836302811138%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A483.4199994802475%7D&dnt=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: 5f1a7eeb4919ae72
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 E1hhFO_VcAIYdpS.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 4DC0 111 KB
111 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/E1hhFO_VcAIYdpS.jpg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.ff962fc355c6a950595b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BA) /

Resource Hash

5ea079e618336d0992da0cdc0497b4a697215879d7a207697080c90225acce15

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
x-content-type-options: nosniff
age: 115294
x-cache: HIT
content-length: 113717
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/0 tweet_video_thumb/1393970827222151170
last-modified: Sun, 16 May 2021 16:43:18 GMT
server: ECS (frb/67BA)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ad76f10db4aada4b51e06cc88e9605ee86180bbca6d8ec6d28abbb30bff3cf0c
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
657 B 277ms
168ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 731184ad93e5dba9c1caccf6ac317f5a1e6ce112d13d58a83caa7aaae39e31d2
x-transaction: 69d949b11542950c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
781 B 52ms
36ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=252628&rcu=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F&pu=https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%3Futm_medium%3Demail%26_hsmi%3D127826602%26_hsenc%3Dp2ANqtz-_7-RNdMa-R5-aSIJLGnF21vslzlMimvsk1I76p5O_HKvRLJS0ITtwTQOr4wBzG6pqyJ2pX9jfPraX0sV2ikcCTdELotg%26utm_content%3D127826602%26utm_source%3Dhs_email&t=PoC+released+for+wormable+Windows+IIS+bug+%7C+The+Record+by+Recorded+Future&cts=1621298818257&vi=a227c06026963e85ae8ce280c8932add&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://therecord.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 7cb5f464-fddd-4acd-a4b8-5c50234b74ef
cf-ray: 6511124e3ad91f41-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1e89c4e500001f41a58b5000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YibhJ3qsqHhmB2Z979URfcuouRRiOoK0eGIN5dgBOy68icVve%2FQW7TV1KB5lU3cOQiFHVCudydo4RR1gQxVjt9Mtmr%2BZRMqfRrPjh2ZdFik6L7UYs3tepsTTwj4SaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 jot
syndication.twitter.com/i/ Frame 5513 43 B
117 B 168ms
167ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298818295%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221393330628708417538%22%5D%2C%22item_details%22%3A%7B%221393330628708417538%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A587.7950005233288%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: 005876fa40d21da1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame A656 43 B
117 B 160ms
160ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621298818295%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftherecord.media%2Fpoc-released-for-wormable-windows-iis-bug%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22TheRecord_Media%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22campuscodi%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%220be74e80%3A1620761712411%22%2C%22item_ids%22%3A%5B%221392211087601410054%22%5D%2C%22item_details%22%3A%7B%221392211087601410054%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A587.3650014400482%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 00:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 18 May 2021 00:46:58 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 998a8af525b2b4d5d29d3d2a7767d5a403812675fce1c27cb0b843afdc6106b1
x-transaction: c0370c82de007581
expires: Tue, 31 Mar 1981 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.therecord.media/	1970-01-19 18:21:40	Name: __hssc Value: 156209188.1.1621298818255
.therecord.media/	1970-01-20 03:43:14	Name: hubspotutk Value: a227c06026963e85ae8ce280c8932add
.therecord.media/	1970-01-20 03:43:14	Name: __hstc Value: 156209188.a227c06026963e85ae8ce280c8932add.1621298818255.1621298818255.1621298818255.1
therecord.media/	1970-01-20 11:52:50	Name: _gd_visitor Value: 40df96cf-5bb7-4932-8305-2507a6d472c7
.therecord.media/	1970-01-19 22:44:26	Name: _pk_ref.2.de70 Value: %5B%22hs_email%22%2C%22%22%2C1621298817%2C%22%22%5D
therecord.media/	1970-01-19 18:31:43	Name: _an_uid Value: 0
therecord.media/	1970-01-19 18:21:53	Name: _gd_session Value: 62b79605-886e-4cf6-868b-3d09ffda9b6c
therecord.media/	1970-01-20 11:52:50	Name: _gd_svisitor Value: ec641102f6430000810ea360f30100008ea11100
.therecord.media/	1970-01-19 20:31:14	Name: _fbp Value: fb.1.1621298817415.1570928582
.therecord.media/	1970-01-19 18:21:38	Name: _gat_gtag_UA_9153858_16 Value: 1
.therecord.media/	1970-01-20 11:52:50	Name: _ga Value: GA1.2.823716375.1621298817
.therecord.media/	1970-01-19 18:21:40	Name: _pk_ses.2.de70 Value: 1
.therecord.media/	1970-01-19 18:23:05	Name: _gid Value: GA1.2.1525750536.1621298817
.therecord.media/	1970-01-20 03:47:34	Name: _pk_id.2.de70 Value: aebad43622381e5f.1621298817.
.therecord.media/	1969-12-31 23:59:59	Name: __hssrc Value: 1
therecord.media/	1969-12-31 23:59:59	Name: wordpress_google_apps_login Value: a2cd5c3f75bbf5b88308ae5524c5b7fc

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://go.recordedfuture.com/e2t/tc/VWvw5b4L5C_VN6drRJksFscVW6D6W6y4rK291N6R-BZh3lGn5V1-WJV7CgKH8W155yV53p6X35W7S8NdX8ZfcPWW8RZ5P-7z9KRgW2MXtWd5XdVC4W6tBbzg7rwtT9W8X4yzR1FyJN3W20Pvxb1WZCfjW81zF9m2_pCbgW13fgSj2764HNW4c4rVM539cPVN7GcDbXkNLgwW5GYfy_2gZCdzVrkWW097mRZkN2TZvsdJZN5DW1GZlPd7WcPkvW8HPscd5DNHkxW6B2LMR6XqxMhMk1n2JvgqS3W6lk4R485qBmSW8l3Cyj548LT-W4jK0qm3d3Lp9W6FNVjS3H3NBgW6yxkV_48MvRYW5fLK7G6tnBsW32ps1(Line 13) Message: toS
console-api	log	URL: https://therecord.media/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs-0.twimg.com
analytics.twitter.com
b.6sc.co
c.6sc.co
cdn.matomo.cloud
cdn.syndication.twimg.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
go.recordedfuture.com
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
pbs.twimg.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
recordedfuture.matomo.cloud
s.w.org
secure.adnxs.com
secure.gravatar.com
static.ads-twitter.com
syndication.twitter.com
t.co
therecord.media
track.hubspot.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
104.244.42.136
104.244.42.5
104.244.42.67
104.244.43.131
108.174.10.14
151.101.12.157
18.196.53.208
185.33.220.241
192.0.77.48
199.60.103.2
23.79.145.42
2600:9000:2190:1800:c:7d55:b3c0:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:2800:234:59:254c:406:2366:268c
2606:4700::6811:44b0
2606:4700::6811:d4cc
2606:4700::6812:14bf
2606:4700::6812:721
2606:4700::6813:9a53
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::200a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:fa87:fffe::c000:4902
00d204ce3099149a22353e67223c9529ab04c0da23e4df8b8b08a93d5f98008d
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10c84c9009726b2489264cde13e1c0a3f33b420b153c936c043f17fa12811d62
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
117e2a91923708b07d59a27a53355a64a439390de0c6967010d99f8447d9d3d7
1d68a005b62c790914390c7e0597962f0a2ce46a3118dacee8c9ffc496ae78d8
1fe15236efa2c9099b9216ffaf5156f07b4cf03aea8b8ff25a94b514f3773341
23d06dc5ae630d2f114d48b814864af9d7e44dedd85a4218188bfb53f0fcdafc
23da523a0ffff334fe2ed33b683579bc44b55c457ab79e4934a1873c7e5e0541
258b127e4eb9e53b133dfb338b4427092f9bbb3a7168a225201fd701c753dc14
259408ba84c511e2ce559b41f9befbcf42240dcc4c38a7fcd3b2042825500ae1
263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38
27feaf48b317d189270af96f3fd5ba377b44ead58a161d9cb65067860b9fea35
282c69325f8c89038a525c70d7d791e011934f48da2313abb3911306f087cc07
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2e84aaf06139c7610a7c716bb9fd310dea3e427aa77c678719f34b8d14d569ef
2ea5256ef9076fd8d3ea0b3939fcf064e197006ed6ed71bb793c852737921439
2fc5ace475076f454c946a32e61011a7b8b0ab6fadfb98a73756906b94a5588d
3148d6f31758ea6c9a845310897e70f05595108097759f6992cb416021a93a6e
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
31f8e9e3966813743e7db61324821c27a86a66d31a1189bc04e2154d8ba6d98d
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
3a8717b1c866759c800df22bdc5b34545730d2790473892a4cf31dce49bf1170
3cc49fc5ded58b415e3f3fd2f07cff4f18da9e1e09602b5085fcd3f0cc85a486
3ee638689e343730a82027d03714f274b6c665cf7e3bf60b5208a3a0cdb3581d
40a89043951076b9f32488d5cafd64711df1e623e2123ba0ffd14899de55306c
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
45a87095cd83714673208e7b8b1aafdadfa4ef4898044dea56135d9faba6aa64
4a194d83b67af534cc6ed520d864bb551208f62fad994af2a1b1e9259c4baca1
4c1d5efcfedce06258ef9376165421ab41a9e867bc1dee1024093652f01cb020
4c4c6e5c1a5adc12e909b66adf2c4e5b409b96330c1cbb7b38bc073eca47dbdf
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4ed16cc13dbbf0ea3fff2cef7cec717e06bcf8208e5b4776eb2dfc6b4e175a85
4fa646a4dbc10513ddeb70561789483638faf456e15186f4eb7291c5c455cbb6
4fdebf6b7c1ba29dafcb14b5c0880e6547282dbcd95405508fedbd1eff3538f6
5447ba13480eca4513d5e82c4528dd6e9bc2236b4dd0c11bff070315ad1fe38c
565a731052a5f4c60c202f2d0dc81033f0d16de579ceae34efee2716d3a34438
57a45007f24b920e1cb59467217fd99f6b7aca9806c31fd2fbdf8ba38df471b4
5883c6bf2740258844b5842dd9abd83e95cb62019fb0bafdc68f226be50ec9bc
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5ea079e618336d0992da0cdc0497b4a697215879d7a207697080c90225acce15
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
615634720325377624eb3e7eb0b9c3f7480594a0115b38c3c164a745e6f40132
64d255f57fcb051e9f2ce34c110d8a33da1fb3362b5c6647527eda24ea323005
6a76f4bba8f5f4895c3aa44d243a16e8b3ae0d9b53a2cefa06b10480c5df6575
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d5adcbf950fefdb94dc0bc4becc0c6204a6fec560adb3665b803b2124c9476e
6d7b7c989e40d891aba2f1fd2643bc0c141f07af5bc3f2fd3e8904d5a5570750
6fe24a6eeaa200510dc512c5fc4f0d50f3f0e9f5fae988f92639d9e786e11872
722120b3a4b0aa8f8c03765a247157fe356f12e1899bbc2acb3362485b0935bc
7519e61aea4f2c775a819496a69370040c9fdbf229fd19e5be139e79be481a23
79148d3b353f75f4b122ec75e03dd4470a1878599a5f148123f103cfdae350ec
799bf3bfa27a6391a622a80e7389f7a7a0db1a1f21de22411b05d6757ce4d123
799c126cfbfd39ec8b8d4aae428e39e0b189dfedb025dfbda40fbb385feb2bc4
7a53341f5523f65602a0bd713a64df14bdd29783e1d9c5f077d81be0b9cf6e32
7ab033d924a13c57cbdff0285e95526d16b83e980cf1fbbb8df85dcebabac0b9
7b5a69f728a7160605b396d9e4411856db9e4d9bbcd4b830cd946da9aee455af
7f072dbb779b20cea6866f3f8d398af9cafe418e7e038aa0702feddf741f040c
88f3ef61bab8f818fe354512e8f02d6052c53ee4cb954a824ffcd43a1ca9b970
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a533b2f001d4d30d190e2cbf285dc6ca675eb533976ac5f22f165ba24fce6bc
8fd9ef4e5f96881b0e06393b01a1be3d5bc305fcd5db934f11cbf624f597a59a
90416a7cc6359148ba877ac607904a24a0c394efacbcd05f737c6df991b442d7
9304a42699e5984d4023da276789e75184c069999500b97a5c635f60f807c15a
96b98029e7f5f6da84f1a964d9ba759af3a7f6c94c5459807f37aee40f1230d5
99b79d1c94eba72703a1bc2a5b368a25028c6c2a4f2ec0791ff80306238adb95
9df07cae9221a9eb9b76e0e2e0241700c5fff03d00fe4a0f08c907b463dfd641
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a238cffffbfea4c2868fca1b142a3a9690574537a38c857dbe309ec27b033eb3
a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05
a5b298070b2cfac1c085a3d3e34c4bc77e95751b0a580278a2af9e257524f771
a7d1a3faaf917a6aadd36b0bc36005b1d2f76550280fe31b60fe93f8694331cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acc146648ca4f22a5e4083944c3eb3962982ac57cb5043ee75b78edaa987d1ff
b6dd9f9f395c5e6bad57736b0f842a5f91f080996d8e782e2cb135ed7f0a2907
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c050671286ff22d29215d2ecf081a85337b164bdc007e6d342b47f39ef11a339
c6896cc2ff0265426475dc3ad4ddc73516fa80ff8440739bf7efcabb1d3be92f
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce609a18ff66b8f8d0318be227f176f99e3de7ee383253b1b4e9a1caa230afac
d2487430c6774a4281f18f4b59a3e3211be1e62fbc717721bea809cb5e3ffb97
d309618347368b498f6cd50c4110fbaaafafed5ba9fd992ff1bbcf45df8a0b2d
db75b790206a2694094f8cae3da3176a7086f929e4f41c3fafe6e07490dc4a87
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcff066c4253fe497412f59899a87195193db530ae953ae48eb9942edcca3dca
de2b7173a1423e70e09f4bf05e5e5436c29fc4154ef85f8b481e76288030ff8d
df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0a68a655403be38865c2364723afd653992aac0866116c4f86bdb9a73022fb2
e0cdcd18df62db5dab7fc26e2f03e5835191e4015f30c7b27783c49c9023273e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7abfcffcbae9a6a8d7b7a2e3ccf5dd58988ede6d7987528e2a097e2063fb0f6
eb9315f962903cb24ab239dcdae975290ddcf3a6c74292bfc2ac207a91a7cd5b
ebda42e9095078fad27fb85df9ab2ee552916dc05ad5ec4858c2bb435e483a96
ef3c47cb702e040372a3a4bce66d5e0ecc46c56325ec40f8c00b91da0d1d3f46
f061c6836f4de43ab0b492cce4b4a22af4ea18b03c195343cbb447ebb2b167f7
f074d6d6260e8e71fd892ac03bfa5f6810d51ae2b67a3f55f67a95deacff5c87
f492372f1ac1ce4caf9876f04e9d463dd300c05d88ef8839e7f64a295d46b592
f62c06b02b5623cd1e434dd222b1f32ea09649408f625918a1f2c6604e5018d3
fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6
fc98a0af3b383a9e6440e3fcd2750f662de7dfebd40b558607c6c5916751074a
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ff567278a3fca3c3bd14feb8fe4e8d502a89af75fd6e3346f060ee57a06c3b73

therecord.media Open in urlscan Pro 2606:4700::6812:721 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

147 Requests

100 %HTTPS

62 %IPv6

22 Domains

31 Subdomains

27 IPs

4 Countries

2968 kBTransfer

6860 kBSize

16 Cookies

10 Outgoing links

Page URL History

Redirected requests

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

therecord.media Open in urlscan Pro
2606:4700::6812:721 Public Scan

Screenshot
Live screenshot

Full Image

147
Requests

100 %
HTTPS

62 %
IPv6

22
Domains

31
Subdomains

27
IPs

4
Countries

2968 kB
Transfer

6860 kB
Size

16
Cookies

147 HTTP transactions
0 data transactions