itnerd.blog Open in urlscan Pro
192.0.78.25 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Submission: On April 04 via api (April 4th 2022, 2:10:46 pm UTC) from US — Scanned from DE

Summary HTTP 60 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 21 IPs in 5 countries across 16 domains to perform 60 HTTP transactions. The main IP is 192.0.78.25, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is itnerd.blog.
TLS certificate: Issued by R3 on February 24th 2022. Valid for: 3 months.

This is the only time itnerd.blog was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
23	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4	176.34.151.72 176.34.151.72	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	104.76.200.196 104.76.200.196	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.0.78.18 192.0.78.18	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.77.38 192.0.77.38	2635 (AUTOMATTIC) (AUTOMATTIC)
1	184.30.25.51 184.30.25.51	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.102.28.254 104.102.28.254	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.255.84.150 185.255.84.150	200271 (IGUANE-) (IGUANE-)
1	54.36.109.183 54.36.109.183	16276 (OVH) (OVH)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
1	63.32.97.205 63.32.97.205	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
60	21

3 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

itnerd.blog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 176.34.151.72 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com

s.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.196 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-196.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

r-login.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.38 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.25.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-51.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.28.254 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-254.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.150 (France)

ASN200271 (IGUANE-, FR)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.109.183 (France)

ASN16276 (OVH, FR)
PTR: p08.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.97.205 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-97-205.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	wp.com s0.wp.com — Cisco Umbrella Rank: 6262 stats.wp.com — Cisco Umbrella Rank: 2718 widgets.wp.com — Cisco Umbrella Rank: 10541 pixel.wp.com — Cisco Umbrella Rank: 2543	158 KB
6	pubmine.com s.pubmine.com — Cisco Umbrella Rank: 10220 c0.pubmine.com — Cisco Umbrella Rank: 30486	156 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 389 mug.criteo.com — Cisco Umbrella Rank: 2685	1 KB
4	gravatar.com 1.gravatar.com — Cisco Umbrella Rank: 7293 0.gravatar.com — Cisco Umbrella Rank: 7071	12 KB
3	wordpress.com r-login.wordpress.com — Cisco Umbrella Rank: 23320 public-api.wordpress.com — Cisco Umbrella Rank: 7353	4 KB
3	itnerd.blog itnerd.blog	23 KB
2	gstatic.com fonts.gstatic.com	70 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 326	541 B
1	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 1694	334 B
1	rlcdn.com api.rlcdn.com — Cisco Umbrella Rank: 801	325 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 607	529 B
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 4064	526 B
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 453	55 KB
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1194	5 KB
1	pinterest.com api.pinterest.com — Cisco Umbrella Rank: 2530	438 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	1 KB
60	16

	Domain	Requested by
20	s0.wp.com	itnerd.blog s0.wp.com widgets.wp.com public-api.wordpress.com
5	pixel.wp.com	itnerd.blog
4	s.pubmine.com	itnerd.blog c0.pubmine.com
3	widgets.wp.com	itnerd.blog s0.wp.com widgets.wp.com
3	0.gravatar.com	itnerd.blog 0.gravatar.com
3	itnerd.blog	s0.wp.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	c0.pubmine.com	itnerd.blog c0.pubmine.com
2	public-api.wordpress.com	s0.wp.com public-api.wordpress.com
2	fonts.gstatic.com	fonts.googleapis.com
1	match.adsrvr.org	ads.pubmatic.com
1	id.crwdcntrl.net	ads.pubmatic.com
1	api.rlcdn.com	ads.pubmatic.com
1	id5-sync.com	ads.pubmatic.com
1	hb-api.omnitagjs.com	c0.pubmine.com
1	ads.pubmatic.com	itnerd.blog
1	a.teads.tv	c0.pubmine.com
1	r-login.wordpress.com	itnerd.blog
1	api.pinterest.com	s0.wp.com
1	fonts.googleapis.com	s0.wp.com
1	stats.wp.com	itnerd.blog
1	1.gravatar.com	itnerd.blog
60	23

This site contains links to these domains. Also see Links.

Domain
news.sophos.com
twitter.com
digital.nhs.uk
kb.vmware.com
gurucul.com
gravatar.com
akismet.com
wordpress.com
itnerd.wordpress.com
wp.me
en.wordpress.com
subscribe.wordpress.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2022-02-24` - `2022-05-25`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
s.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-15` - `2022-10-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
c0.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-23` - `2023-04-23`	a year	crt.sh
teads.tv R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-24` - `2022-06-23`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Frame ID: FFD03477E71C6502CEF93DAF73B6F80E
Requests: 50 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20220105
Frame ID: 1325856A32B1BBE38222BEBB31B2F704
Requests: 3 HTTP requests in this frame

Frame: https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9pdG5lcmQuYmxvZw%3D%3D&wpcomid=2945587&time=1649081440
Frame ID: 0085914525DA219D6849963C97BFE49B
Requests: 1 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: DEE52524EE892740D14261B4B29FA91C
Requests: 3 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/index.html?ver=20220105
Frame ID: 9765DA6DF7691D89E68E9FC5DC16D1D6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log4Shell Exploited To Infect VMware Horizon Instances | The IT Nerd

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

60
Requests

97 %
HTTPS

20 %
IPv6

16
Domains

23
Subdomains

21
IPs

5
Countries

494 kB
Transfer

1617 kB
Size

9
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://news.sophos.com/en-us/2022/03/29/horde-of-miner-bots-and-backdoors-leveraged-log4j-to-attack-vmware-horizon-servers/
Title: warned

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1484145056198053891
Title: multiple reports

Search URL Search Domain Scan URL

URL: https://digital.nhs.uk/cyber-alerts/2022/cc-4002
Title: active exploitation

Search URL Search Domain Scan URL

URL: https://kb.vmware.com/s/article/87073
Title: has pushed out patched versions

Search URL Search Domain Scan URL

URL: https://gurucul.com/
Title: Gurucul

Search URL Search Domain Scan URL

URL: https://gravatar.com/site/signup/

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_blog
Title: Blog at WordPress.com.

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Fitnerd.blog%252F2022%252F03%252F29%252Flog4shell-exploited-to-infect-vmware-horizon-instances%252F
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://itnerd.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Fitnerd.wordpress.com%2F2022%2F03%2F29%2Flog4shell-exploited-to-infect-vmware-horizon-instances%2F
Title: Customize

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/pcmht-mMR
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: http://en.wordpress.com/abuse/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://wordpress.com/read/blogs/2945587/posts/87597
Title: View post in Reader

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fitnerd.blog%2F&domain=itnerd.blog&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=8VPOvXxBUjFVdUszaDRHdDZNcElnc2wwV1IwZTFucDBDMFhRV2xZZys0QVdaRXBSRXFHVnNhdUQ1a2RYdW5QK0JPZUVONzRDKzlDcHNnV1ZTa0tzcy95V0UvZUJLQjAyV1g1WktqeGlkRko4a0JlRCtXWTl1Zjc0OU1EbVh5czVYZDNITVkwSFVubnlCcUljOFcyb2E1VSs0bHc0ejdDTGpOcGFLUitGNTIxQVptVVpjOEVmTytQamYwWGgrTGV6LzlMZUlHRlo1V2dteUt6aDBxNFJNTUN2NmJXY2FPMzcveEJGU2tpUkNOT3Q1UXowPXw&cppv=2

60 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/ 81 KB
22 KB 398ms
314ms Document
text/html 192.0.78.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

19aa560756e03c4d43e9a5f047cad42ad76185b787cc55ecc092ff11ef6dfae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:10:40 GMT
host-header: WordPress.com
link: <https://wp.me/pcmht-mMR>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _dfw
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-pingback: https://itnerd.blog/xmlrpc.php

GET
H2 200 /
s0.wp.com/_static/ 257 KB
30 KB 55ms
17ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNj1tuwyAQRTdUmNpJrPSj6lowjBDJ8BADidh9HatxXUdt+nk091wucE1Cx1AwFPBVJKrWBYZr0tEL9o6wbUhq5hdYaSNF+y3GbJRhsBRHRQ/Z1RMZSRU0IkUuG/pLI3dGhhOWpPRZzPQQv2dtnXDEbKdLRrh0vXyTrzBWR+Y2ey4Ys8oNuDTCpcgFTdXc3mHwaJxCQj8PWUEi1TALQqt0k96F5/p0W/MP6ffx89LVn1WLtQibndnM/ndFVsUFy090Hb+0XnZH2Ql2PhGKjBfZgXFcloRYij78ezfsj8NhP+z60yc7A+LR?cssminify=yes
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: da2bdcb3a3e13d551a1ec3641b12d134fbf93a34802b2a13bd0d22f96c94a06c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Wed, 30 Mar 2022 15:37:32 GMT
server: nginx
etag: W/"6244793c-40381"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Fri, 31 Mar 2023 17:41:53 GMT

GET
H2 200 /
s0.wp.com/_static/ 10 KB
3 KB 72ms
33ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9jcsKAjEMRX/IGAYq6kL8lrYTO9X0QZsy+PdG3CiKm3Dv5RyCawVfslAWTAMqjxBzR18a6Z6qFVQi0RwtMSXFtr73Df7W1qoOOFcb9Q56UxwJZFGxf3mvGetw6Nj6GzCJUFvIztjlzvTvU6ACXLyVWPJHgQvb2P6pjRyXoDGgUm/1KZ3TaTK7ozGH/WSuD9yBats=?cssminify=yes
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 841ed1020d669f6977519e5e7a07b4d21f705410a1a09bff5880e44c066f2e5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Sun, 19 Dec 2021 04:17:21 GMT
server: nginx
etag: W/"61beb251-29ea"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Wed, 25 Jan 2023 16:34:14 GMT

GET
H2 200 /
s0.wp.com/_static/ 29 KB
11 KB 72ms
34ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJxti0EKgCAQAD+UbVFGHaK3mJgaqyut0vejQ4eo0zAwA2cSmmI2MUMoImGxPjIk4iw2VP4Adurw0T6sNXMF/xeT9goFkqW3fKbsTDAMrgeLtCq8gyXM7dCNUjZy6vcLZTc31Q==?cssminify=yes
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 328fa5bc0f18f91f6d8e04da02ce1ce6ca437b5805dd5fc89841126f1d38c61a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Fri, 03 Dec 2021 16:56:38 GMT
server: nginx
etag: W/"61aa4c46-72e3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Sat, 03 Dec 2022 16:56:43 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 30 KB
7 KB 55ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJxdjEsOQiEMRTdkReOLxIFxLXwqgQAltOTp7sWJMQzv5xy1N3BUBauoxKqQjRlhMHYTZgexPumY+KD+fmVAyyPEyqpjNoIeGrEsaaWmvWeB1un1XjebKfycO3VvPIPLhhn5C7rSgGXYyT3K/Xy9aH3atptOHwYMRmE=
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6cad3ad97594bc4b921116f65c172edd993615a2798e2dfbbd6c0b54d35f1626

Request headers

Referer: https://itnerd.blog/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Sun, 19 Dec 2021 04:31:33 GMT
server: nginx
etag: W/"61beb5a5-7675"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Wed, 21 Dec 2022 09:47:48 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ 17 KB
3 KB 76ms
39ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1641292264h&cssminify=yes
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c19118188e47f6ed3a2cc3dc9ab3614b7fe0bcfb4919d7d643d21ccba846e2c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"61d421f2-53b9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Wed, 04 Jan 2023 10:31:18 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ 2 KB
2 KB 91ms
41ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f9425e0125b81c60d1ed89e9d1618e9ce16d19cc1661f156b9627ff10c056a8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 04 Apr 2022 14:10:40 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
content-length: 1658
expires: Mon, 04 Apr 2022 14:15:40 GMT

GET
H2 200 gprofiles.js Show response
0.gravatar.com/js/ 23 KB
7 KB 81ms
17ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/gprofiles.js?ver=202214z
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: b8ddfe2786718750e37a2a7d2841e4e6a110a1877e21a03675d47c591d4a7f03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Fri, 25 Feb 2022 16:03:16 GMT
server: nginx
etag: W/"6218fdc4-5df8"
content-type: application/javascript
cache-control: max-age=604800
expires: Mon, 11 Apr 2022 14:10:40 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 868 B
452 B 26ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240h
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087

Request headers

Referer: https://itnerd.blog/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"5ffc31a9-465"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 44 KB
11 KB 19ms
15ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1645810379j
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f7e353eb1ac09e5d1ed5605e908a9fc18c07d59a56bee6be99285d1ad7377044

Request headers

Referer: https://itnerd.blog/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Fri, 25 Feb 2022 17:33:12 GMT
server: nginx
etag: W/"621912d8-ae71"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Sat, 25 Feb 2023 17:33:19 GMT

GET
H2 200 wpcom-gray-white.png
s0.wp.com/i/logo/ 8 KB
8 KB 21ms
17ms Image
image/png 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/i/logo/wpcom-gray-white.png
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
x-ac: 2.hhn _dfw
last-modified: Sat, 31 Dec 2016 05:45:35 GMT
server: nginx
etag: "586745ff-200b"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 8203
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 loading.gif
s0.wp.com/wp-content/mu-plugins/post-flair/sharing/images/ 2 KB
3 KB 21ms
18ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/post-flair/sharing/images/loading.gif
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
x-ac: 2.hhn _dfw
last-modified: Sat, 31 Dec 2016 05:45:40 GMT
server: nginx
etag: "58674604-9e2"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 2530
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 99 KB
29 KB 29ms
24ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9zkkOwjAMBdALkYYCqtggzuImpk3rDNgJw+0JEkWIRVe29P2frO9JmRgyhqwn0RZvzmB6NJNs9E/ki0pUBhdEk5tR9LVgwRGCJeTl2AVDxdawQiZ6X4uKMdGz8S78iz3F4WveI1uwogyByAfwqenL21/5BWyVVQ+sPUhGrpvKDGaWlVKKktWFwLGWEdiFYZm1dPantjvsd9tuf2ynF15eahE=
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cb431c51a6e7f778f9120e332a5e684f53189dd568aa2fd2dfc6713c0bcb8b2f

Request headers

Referer: https://itnerd.blog/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Wed, 26 Jan 2022 14:13:06 GMT
server: nginx
etag: W/"61f156f2-18c23"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 26 Jan 2023 14:13:28 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 76ms
28ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?63
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 6927f01a13b3d278efcd7e1f9fae899d1b2da7e35c07a9efb4256b5cfb072c03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"61376814-2a40"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 10 Nov 2022 15:19:00 GMT

GET
H2 200 webfont.js Show response
s0.wp.com/wp-content/plugins/custom-fonts/js/ 12 KB
5 KB 21ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"60aef169-30cd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ 18 KB
5 KB 27ms
24ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1625065786h&ver=5.9.3-RC1
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"61beb200-4705"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Fri, 31 Mar 2023 11:36:48 GMT

GET
H/1.1 200
OK conf Show response
s.pubmine.com/ 1 KB
1 KB 1003ms
52ms Script
text/javascript 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/conf?gdpr=1&pp.pt=1&pp.ht=1&pp.tn=black-letterhead&pp.uloggedin=0&pp.amp=false&pp.consent=0&pp.gdpr_applies=true&pp.ad.label.text=Advertisements&pp.ad.reportAd.text=Report%20this%20ad&pp.ad.privacySettings.text=Privacy&pp.siteid=2945587&pp.js_hint=tcf2_test&rid=5462564687310&ref=https%3A%2F%2Fitnerd.blog%2F2022%2F03%2F29%2Flog4shell-exploited-to-infect-vmware-horizon-instances%2F&vp=1600x1200&cb=callback__l1ksifbg_1
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 71c8900510ed45baede166c73cf5b9a00b78fc2f8a249b2af504900c92f74ab2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:10:41 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8

GET
H2 200 button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ 1 KB
1 KB 17ms
16ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1641292264h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1641292264h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
x-ac: 2.hhn _dfw
last-modified: Sat, 31 Dec 2016 05:45:43 GMT
server: nginx
etag: "58674607-4d0"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1232
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 85ms
30ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Merriweather+Sans:r%7CMerriweather+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9d13e8a0057fd70ca9b7fe86581fc260d7f14ea54c8c3aec12b94d32f1769433

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 13:55:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 14:10:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 14:10:40 GMT

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 1325 3 KB
1 KB 18ms
16ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20220105
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b24220a1cbe811e074f353e3e39612513c31cf3cfdd51cda1d247e55dcf73611

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-encoding: br
content-type: text/html
date: Mon, 04 Apr 2022 14:10:40 GMT
etag: W/"61d59762-ae1"
last-modified: Wed, 05 Jan 2022 13:04:34 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dfw
x-nc: HIT hhn 2

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 21ms
20ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.4426419887021056
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 14:10:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 20ms
19ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=2945587&v=wpcom&tz=-4&user_id=0&post=87597&subd=itnerd&host=itnerd.blog&ref=&rand=0.7654074698044273
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 14:10:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 20ms
20ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE5tW3cvZGRQblRRYzBPaEhGOC5hPURDXVZZLSw2Tz1sRmE1NV8lRGhjSll6LWR%2BUHUzbmFCN3pmaSZYMVYwd3lhSWZ4NE0tRFR%2BaEhhTDdlVGtGRlYwVEI%2FbyU3L1FtR3xNUF9qNUJSM0JfZ3VbNS9hLVguOWJVJTlpZ25ZVS8yKzJHK0JMUT92PyZIMk5XaHRlMEI%2FfEk3dmQxQmMzJT8tRiVNdklDeF1fTjlNay01Tmh6UTFQY205LjJqWCxQRkhTOHdEQUNQQjFf&v=wpcom-no-pv&rand=0.7252824357947762
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 14:10:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/ 2 KB
1 KB 361ms
361ms XHR
application/json 192.0.78.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/?relatedposts=1

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJxdjEsOQiEMRTdkReOLxIFxLXwqgQAltOTp7sWJMQzv5xy1N3BUBauoxKqQjRlhMHYTZgexPumY+KD+fmVAyyPEyqpjNoIeGrEsaaWmvWeB1un1XjebKfycO3VvPIPLhhn5C7rSgGXYyT3K/Xy9aH3atptOHwYMRmE=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

34bf8f1255b4c3eb0db07747b79755e49a416076824a209774854abe9a679221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
x-requested-with: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-pingback: https://itnerd.blog/xmlrpc.php
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
x-content-type-options: nosniff
server: nginx
date: Mon, 04 Apr 2022 14:10:41 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-ac: 2.hhn _dfw
host-header: WordPress.com

GET
H2 200 hovercard.min.css
0.gravatar.com/dist/css/ 8 KB
2 KB 17ms
16ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/hovercard.min.css?ver=202214z
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202214z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 11 Apr 2022 14:10:40 GMT

GET
H2 200 services.min.css
0.gravatar.com/dist/css/ 3 KB
582 B 18ms
17ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/services.min.css?ver=202214z
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202214z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 11 Apr 2022 14:10:40 GMT

GET
H2 200 app.bundle.js Show response
s0.wp.com/wp-content/blog-plugins/wordads-classes/js/ 3 KB
1 KB 16ms
15ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/blog-plugins/wordads-classes/js/app.bundle.js?id=10f08b851d8a01803359
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJx9zkkOwjAMBdALkYYCqtggzuImpk3rDNgJw+0JEkWIRVe29P2frO9JmRgyhqwn0RZvzmB6NJNs9E/ki0pUBhdEk5tR9LVgwRGCJeTl2AVDxdawQiZ6X4uKMdGz8S78iz3F4WveI1uwogyByAfwqenL21/5BWyVVQ+sPUhGrpvKDGaWlVKKktWFwLGWEdiFYZm1dPantjvsd9tuf2ynF15eahE=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2342cd730ae1d1d011eec7480358fe06c3e6ff924c0623604f78cd5838f1adb6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"605d1413-d8c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 17ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_wordads_cmp_view=no_cookie&v=wpcom-no-pv&rand=0.9590575172793796
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 14:10:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 143 B
438 B 891ms
111ms Script
application/javascript 104.76.200.196
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fitnerd.blog%2F2022%2F03%2F29%2Flog4shell-exploited-to-infect-vmware-horizon-instances%2F

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJx9zkkOwjAMBdALkYYCqtggzuImpk3rDNgJw+0JEkWIRVe29P2frO9JmRgyhqwn0RZvzmB6NJNs9E/ki0pUBhdEk5tR9LVgwRGCJeTl2AVDxdawQiZ6X4uKMdGz8S78iz3F4WveI1uwogyByAfwqenL21/5BWyVVQ+sPUhGrpvKDGaWlVKKktWFwLGWEdiFYZm1dPantjvsd9tuf2ynF15eahE=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.76.200.196 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-76-200-196.deploy.static.akamaitechnologies.com

Software

Resource Hash

069bdfb3e14a75d1029faa568a7b327b21197962e02f6103efbebe29465411e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:10:41 GMT
x-content-type-options: nosniff
x-cdn: akamai
akamai-grn: 0.186656b8.1649081441.71b615ba
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
x-pinterest-rid: 1830594748361240
content-length: 143
expires: Mon, 04 Apr 2022 14:25:41 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 17ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.8935539315407541
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 14:10:40 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 remote-login.php Show response
r-login.wordpress.com/ Frame 0085 121 B
288 B 221ms
157ms Document
text/html 192.0.78.18
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9pdG5lcmQuYmxvZw%3D%3D&wpcomid=2945587&time=1649081440

Requested by

Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b484022aa24f4205039d0e25d9175b74088372028870979e8c9618f7ce847a66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 14:10:41 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: nginx
strict-transport-security: max-age=15552000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _dfw

GET
H2 200 banner.bundle.js Show response
s0.wp.com/wp-content/blog-plugins/wordads-classes/js/ 19 KB
5 KB 16ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/blog-plugins/wordads-classes/js/banner.bundle.js?id=69626cb5d25b886923fc
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJx9zkkOwjAMBdALkYYCqtggzuImpk3rDNgJw+0JEkWIRVe29P2frO9JmRgyhqwn0RZvzmB6NJNs9E/ki0pUBhdEk5tR9LVgwRGCJeTl2AVDxdawQiZ6X4uKMdGz8S78iz3F4WveI1uwogyByAfwqenL21/5BWyVVQ+sPUhGrpvKDGaWlVKKktWFwLGWEdiFYZm1dPantjvsd9tuf2ynF15eahE=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d0a67e7fe073b9abd646d15f49c56cf92a8cd280502a588b0a7bdf3d0aa7ebfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"60aef185-4be9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 1325 5 KB
1 KB 18ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20220105
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
server: nginx
etag: W/"619d635a-1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Wed, 23 Nov 2022 21:55:43 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 1325 81 KB
20 KB 18ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20220105
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20220105
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6fb1ebf7d05d7235b6cff049056242de93930660c9e79677045fcb13942eb9b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:40 GMT
content-encoding: br
last-modified: Wed, 05 Jan 2022 12:39:57 GMT
server: nginx
etag: W/"61d5919d-142fa"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 05 Jan 2023 13:04:46 GMT

GET
H2 200 2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2
fonts.gstatic.com/s/merriweathersans/v20/ 35 KB
35 KB 704ms
28ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v20/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather+Sans:r%7CMerriweather+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

369ee86f98ea5be70470d5846d73b7d2d5f2eca5bcf6c169b260572277c90a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 16:37:43 GMT
x-content-type-options: nosniff
age: 509578
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35436
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:24:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Mar 2023 16:37:43 GMT

GET
H2 200 2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2
fonts.gstatic.com/s/merriweathersans/v20/ 35 KB
35 KB 727ms
52ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v20/2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather+Sans:r%7CMerriweather+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05693dd6c32f1d7f5b370e511c990223ad0190bfa4e33ecd00c9399f1d9fc469

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itnerd.blog
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 05:03:29 GMT
x-content-type-options: nosniff
age: 378432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35420
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:24:15 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 31 Mar 2023 05:03:29 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame DEE5 8 KB
4 KB 233ms
152ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20220105

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b373def15fab9a8b38cdabdc83342c3c1a9ee0de7d3ae4c7f3eaddfa132d2457

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 14:10:41 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-ac: 1.hhn _dfw

GET
H2 200 ata.js Show response
c0.pubmine.com/2.35.01642515341710/ 205 KB
54 KB 56ms
16ms Script
application/javascript 192.0.77.38
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.pubmine.com/2.35.01642515341710/ata.js

Requested by

Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.38 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

049043becb2f5adab5d6cd79eb2eedc8aacb2eaa11386a47cf70ae68c44733ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 04 Apr 2022 14:10:41 GMT
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 14:17:47 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000

GET
H2 200 tag.js Show response
a.teads.tv/analytics/ 18 KB
5 KB 129ms
20ms Script
text/javascript 184.30.25.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/analytics/tag.js
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.35.01642515341710/ata.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9379485b510d404dc953c886c69acc421789b085804b6148d2f30be9f8ff0880

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
x-amz-version-id: .c4q720Weuo_WjGTYzrLUxh_yQPz7y2N
content-encoding: br
last-modified: Mon, 04 Apr 2022 09:26:10 GMT
x-amz-request-id: 7JJHS4ENYS8N6D5G
etag: "640674f5ff78aa716cb34f0cbeaf2d44"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, max-age=3600
date: Mon, 04 Apr 2022 14:10:42 GMT
accept-ranges: bytes
content-length: 4724
x-amz-id-2: 8V1QfXM8U5vPYDvJ7x42B7XOXnqjoF6vHSnNfXW9trEazym1dY316wzCHfZUaGBL/kS5yuotBVM=

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158101/4678/ 169 KB
55 KB 125ms
31ms Script
text/javascript 104.102.28.254
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158101/4678/pwt.js
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-254.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c04825b8c4f9f78241ad3f636ce8d3e8a1c5069ca0666f8d1c7138ec6ef5c4f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: gzip
last-modified: Thu, 30 Sep 2021 19:09:02 GMT
server: Apache/2.2.15 (CentOS)
etag: "1520ea1-2a221-5cd3b2e07f4b9"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=28773
accept-ranges: bytes
content-type: text/javascript
content-length: 55307
expires: Mon, 04 Apr 2022 22:10:15 GMT

GET
H/1.1 200
OK pixel
s.pubmine.com/ 43 B
286 B 40ms
40ms Image
image/gif 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/pixel?id=15&type=img
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:10:41 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: image/gif

GET
BLOB 200
OK 32ebea68-4a2d-497f-ac8a-4bea2bafc7a4
https://itnerd.blog/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://itnerd.blog/32ebea68-4a2d-497f-ac8a-4bea2bafc7a4
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Length: 1567
Content-Type: text/javascript

POST
H/1.1 200
OK adconf Show response
s.pubmine.com/ 190 B
514 B 42ms
41ms XHR
text/javascript 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/adconf?pvid=62d832d7-21f2-4e5e-aa56-51425ea8c02e&rid=5462564687310
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.35.01642515341710/ata.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1b711d0a04199861b3b0e5044ff321c4e612c1d075d244f6b487684979260717

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-type: text/plain

Response headers

Date: Mon, 04 Apr 2022 14:10:41 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: https://itnerd.blog
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame DEE5 5 KB
1 KB 27ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:41 GMT
content-encoding: br
server: nginx
etag: W/"619d635a-1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Wed, 23 Nov 2022 21:55:43 GMT

GET
H2 200 batch Show response
public-api.wordpress.com/rest/v1/ Frame DEE5 555 B
437 B 258ms
258ms XHR
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1/batch?http_envelope=1&urls[]=/me&urls[]=/sites/2945587/posts/87597/likes&urls[]=/sites/2945587/posts/87597/reblogs/mine

Requested by

Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

63a4c2a656f7b39c926de261c2d75cd0312c5e31c00ba14652145ff40f283343

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/wp-admin/rest-proxy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-hacker: Oh, Awesome: Opossum
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: application/json
cache-control: no-cache, must-revalidate, max-age=0
x-ac: 1.hhn _dfw
strict-transport-security: max-age=15552000
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 3.js Show response
c0.pubmine.com/2.35.01642515341710/ 328 KB
100 KB 16ms
16ms Script
application/javascript 192.0.77.38
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.pubmine.com/2.35.01642515341710/3.js

Requested by

Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.35.01642515341710/ata.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.38 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fee3768002d86a9c5e415fbcf4827e44ddc737c15f5bafbea87c2d73c559f4f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 14:17:47 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 133ms
42ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fitnerd.blog%2F&domain=itnerd.blog&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://itnerd.blog
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://itnerd.blog
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 14:10:41 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1425
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fitnerd.blog%2F&domain=itnerd.blog&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=8VPOvXxBUjFVdUszaDRHdDZNcElnc2wwV1IwZTFucDBDMFhRV2xZZys0QVdaRXBSRXFHVnNhdUQ1a2RYdW5QK0JPZUVONzRDKzlDcHNnV1ZTa0tzcy95V0UvZUJLQjAyV1g1WktqeGlkRko4a0JlRCtXWTl1Zjc0OU1EbV...

345 B
616 B

78ms
27ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=8VPOvXxBUjFVdUszaDRHdDZNcElnc2wwV1IwZTFucDBDMFhRV2xZZys0QVdaRXBSRXFHVnNhdUQ1a2RYdW5QK0JPZUVONzRDKzlDcHNnV1ZTa0tzcy95V0UvZUJLQjAyV1g1WktqeGlkRko4a0JlRCtXWTl1Zjc0OU1EbVh5czVYZDNITVkwSFVubnlCcUljOFcyb2E1VSs0bHc0ejdDTGpOcGFLUitGNTIxQVptVVpjOEVmTytQamYwWGgrTGV6LzlMZUlHRlo1V2dteUt6aDBxNFJNTUN2NmJXY2FPMzcveEJGU2tpUkNOT3Q1UXowPXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

1d597fd8f84c09f8ffddb2b0381bc4d60a779c3cb66d6d2bc74ca2321fb427f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3107
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:10:42 GMT
location: https://mug.criteo.com/sid?cpp=8VPOvXxBUjFVdUszaDRHdDZNcElnc2wwV1IwZTFucDBDMFhRV2xZZys0QVdaRXBSRXFHVnNhdUQ1a2RYdW5QK0JPZUVONzRDKzlDcHNnV1ZTa0tzcy95V0UvZUJLQjAyV1g1WktqeGlkRko4a0JlRCtXWTl1Zjc0OU1EbVh5czVYZDNITVkwSFVubnlCcUljOFcyb2E1VSs0bHc0ejdDTGpOcGFLUitGNTIxQVptVVpjOEVmTytQamYwWGgrTGV6LzlMZUlHRlo1V2dteUt6aDBxNFJNTUN2NmJXY2FPMzcveEJGU2tpUkNOT3Q1UXowPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://itnerd.blog
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2134
content-length: 482
expires: 0

GET
H2 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 15 KB
3 KB 35ms
33ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20210915
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a2da270bc79a1290e19d4eba107784f6587dfcf542e0a96f7efca31c1f1fb9df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: br
server: nginx
etag: W/"61439ab3-4620"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 10 KB
3 KB 35ms
34ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20211028
Requested by: Host: itnerd.blog
URL: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 1e9813724ca6aff6996b367a849db060d3ca279f006c157e6c1e5b4ce475f37d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: br
server: nginx
etag: W/"6182657a-33a2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 179 B
526 B 226ms
96ms XHR
application/json 185.255.84.150
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fitnerd.blog%2F2022%2F03%2F29%2Flog4shell-exploited-to-infect-vmware-horizon-instances%2F&CanonicalUrl=https%3A%2F%2Fitnerd.blog%2F2022%2F03%2F29%2Flog4shell-exploited-to-infect-vmware-horizon-instances%2F&PublisherDomain=https%3A%2F%2Fitnerd.blog

Requested by

Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.35.01642515341710/3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

38e7d861039d6f5b0ac0a1a235cc35721f90a9e611c69ed7e4826e5e8df2da6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:10:42 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://itnerd.blog
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 36
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 179
expires: 0

POST
H2 200 admin-ajax.php
itnerd.blog/wp-admin/ 0
0 213ms
213ms Fetch
text/html 192.0.78.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://itnerd.blog/wp-admin/admin-ajax.php

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20211028

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://itnerd.blog/2022/03/29/log4shell-exploited-to-infect-vmware-horizon-instances/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
x-content-type-options: nosniff
host-header: WordPress.com
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 14:10:42 GMT
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://itnerd.blog
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-ac: 2.hhn _dfw
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H/1.1 200
OK adjr Show response
s.pubmine.com/ 115 B
467 B 397ms
396ms XHR
application/json 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/adjr?pvid=62d832d7-21f2-4e5e-aa56-51425ea8c02e&rid=5462564687310
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.35.01642515341710/ata.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 34d6032927d09faf11e4282aff7b9e38f6a6afee2d6e82718a195c08e5f8c722

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:10:42 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://itnerd.blog
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 405ms
59ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 14:10:42 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1342
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 index.html Show response
widgets.wp.com/likes/ Frame 9765 126 B
195 B 16ms
15ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/index.html?ver=20220105
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJx9zkkOwjAMBdALkYYCqtggzuImpk3rDNgJw+0JEkWIRVe29P2frO9JmRgyhqwn0RZvzmB6NJNs9E/ki0pUBhdEk5tR9LVgwRGCJeTl2AVDxdawQiZ6X4uKMdGz8S78iz3F4WveI1uwogyByAfwqenL21/5BWyVVQ+sPUhGrpvKDGaWlVKKktWFwLGWEdiFYZm1dPantjvsd9tuf2ynF15eahE=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6c79541d416470cf6276c0fe3e41528c51c823d125a45a1678355897fe9f3dc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itnerd.blog/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-length: 126
content-type: text/html
date: Mon, 04 Apr 2022 14:10:42 GMT
etag: "5a3da24f-7e"
last-modified: Sat, 23 Dec 2017 00:24:47 GMT
server: nginx
timing-allow-origin: *
x-ac: 2.hhn _dfw
x-nc: HIT hhn 2

GET
H2 200 style.css
widgets.wp.com/likes/ Frame 9765 4 KB
1 KB 17ms
17ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/style.css
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/index.html?ver=20220105
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f8291c2dfd40b03e80064b0606e575b596426592287554a2a985f70430f8a230

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/likes/index.html?ver=20220105
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 04 Apr 2022 14:10:42 GMT
content-encoding: br
server: nginx
etag: W/"5a3da259-12d7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

POST
H/1.1 200 930.json Show response
id5-sync.com/g/v2/ 213 B
529 B 600ms
21ms XHR
application/json 54.36.109.183
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/930.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158101/4678/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.183 , France, ASN16276 (OVH, FR),

Reverse DNS

p08.id5-sync.com

Software

Resource Hash

531ca4c7f271b9ac7ca44ed291f9021a4b84ed25d8e44a55cb8807cabff50550

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://itnerd.blog
Date: Mon, 04 Apr 2022 14:10:44 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ 44 B
325 B 593ms
32ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity/envelope?pid=1258

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158101/4678/pwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:10:44 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://itnerd.blog
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 id Show response
id.crwdcntrl.net/ 63 B
334 B 618ms
58ms XHR
application/json 63.32.97.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158101/4678/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.97.205 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-97-205.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: edfc1513d7a0cbd22b90ef24f58a80c80d9fddf645a776e9124c35cc528adeaf

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:10:44 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://itnerd.blog
cache-control: no-cache
x-server: 10.45.9.40
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 63
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
541 B 603ms
48ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158101/4678/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 9efa485cccd86861c3b06cc5777d0a70bbf395bc3fc4b22972479b4e18e2f7b5

Request headers

Referer: https://itnerd.blog/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:10:44 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://itnerd.blog
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 04 May 2022 14:10:44 GMT

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
itnerd.blog/	1970-01-20 02:47:53	Name: _pbjs_userid_consent_data Value: 3524755945110770
.itnerd.blog/	1970-01-20 06:23:53	Name: _pubcid Value: 2a310c03-f55a-4d17-84cc-2c5be3f05c08
itnerd.blog/	1970-01-20 11:26:17	Name: cto_bidid Value: 9iXD5F9WZVd0M2VmV25zRiUyRlhFQ3p6cmdCT3gwUjBiN05WOEJjWGJldEtBJTJGd1VCOWFENHJiYnJybXBYazBQM2ZDNEphR2ZlJTJCUVYxT1ZwRFNHc0V0Smg5SkhEQSUzRCUzRA
itnerd.blog/	1970-01-20 11:26:17	Name: cto_bundle Value: GF3DBV9IWnM2cUNBTVlwYTBHTFBUODJCJTJCNU0yZ1R1cFhrbmJpa2JETGpzV2sySlJPQUtJVzNtd0xtaFdNaDl4QlZFSWZnOUNzWll1TnJrVTd3cTMyaWdWMDh3QkczOUh5RVA2c2toQW5yMlB6UkswWWpEbUplaUJDRlk1R2glMkZTSDk5MUo
itnerd.blog/	1970-01-20 02:04:45	Name: _lr_retry_request Value: true
itnerd.blog/	1970-01-20 02:47:53	Name: _lr_env_src_ats Value: false
.adsrvr.org/	1970-01-20 10:50:17	Name: TDID Value: a2b589f3-7d1d-4080-8dd9-e434af0d7acc
itnerd.blog/	1970-01-20 03:31:05	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%22a2b589f3-7d1d-4080-8dd9-e434af0d7acc%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-04-04T14%3A10%3A44%22%7D
.itnerd.blog/	1969-12-31 23:59:59	Name: panoramaId_expiry Value: 1649167844699

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=1258 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
a.teads.tv
ads.pubmatic.com
api.pinterest.com
api.rlcdn.com
c0.pubmine.com
fonts.googleapis.com
fonts.gstatic.com
gum.criteo.com
hb-api.omnitagjs.com
id.crwdcntrl.net
id5-sync.com
itnerd.blog
match.adsrvr.org
mug.criteo.com
pixel.wp.com
public-api.wordpress.com
r-login.wordpress.com
s.pubmine.com
s0.wp.com
stats.wp.com
widgets.wp.com
104.102.28.254
104.76.200.196
176.34.151.72
178.250.2.146
184.30.25.51
185.255.84.150
192.0.76.3
192.0.77.32
192.0.77.38
192.0.78.18
192.0.78.23
192.0.78.25
2a00:1450:4001:808::200a
2a00:1450:4001:813::2003
2a02:2638:1::13
2a04:fa87:fffe::c000:4902
34.120.133.55
52.223.40.198
54.36.109.183
63.32.97.205
049043becb2f5adab5d6cd79eb2eedc8aacb2eaa11386a47cf70ae68c44733ef
05693dd6c32f1d7f5b370e511c990223ad0190bfa4e33ecd00c9399f1d9fc469
069bdfb3e14a75d1029faa568a7b327b21197962e02f6103efbebe29465411e7
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33
19aa560756e03c4d43e9a5f047cad42ad76185b787cc55ecc092ff11ef6dfae2
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1b711d0a04199861b3b0e5044ff321c4e612c1d075d244f6b487684979260717
1d597fd8f84c09f8ffddb2b0381bc4d60a779c3cb66d6d2bc74ca2321fb427f7
1e9813724ca6aff6996b367a849db060d3ca279f006c157e6c1e5b4ce475f37d
2342cd730ae1d1d011eec7480358fe06c3e6ff924c0623604f78cd5838f1adb6
328fa5bc0f18f91f6d8e04da02ce1ce6ca437b5805dd5fc89841126f1d38c61a
34bf8f1255b4c3eb0db07747b79755e49a416076824a209774854abe9a679221
34d6032927d09faf11e4282aff7b9e38f6a6afee2d6e82718a195c08e5f8c722
369ee86f98ea5be70470d5846d73b7d2d5f2eca5bcf6c169b260572277c90a15
38e7d861039d6f5b0ac0a1a235cc35721f90a9e611c69ed7e4826e5e8df2da6e
3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82
531ca4c7f271b9ac7ca44ed291f9021a4b84ed25d8e44a55cb8807cabff50550
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
63a4c2a656f7b39c926de261c2d75cd0312c5e31c00ba14652145ff40f283343
6927f01a13b3d278efcd7e1f9fae899d1b2da7e35c07a9efb4256b5cfb072c03
6c79541d416470cf6276c0fe3e41528c51c823d125a45a1678355897fe9f3dc3
6cad3ad97594bc4b921116f65c172edd993615a2798e2dfbbd6c0b54d35f1626
6fb1ebf7d05d7235b6cff049056242de93930660c9e79677045fcb13942eb9b0
71c8900510ed45baede166c73cf5b9a00b78fc2f8a249b2af504900c92f74ab2
841ed1020d669f6977519e5e7a07b4d21f705410a1a09bff5880e44c066f2e5d
9379485b510d404dc953c886c69acc421789b085804b6148d2f30be9f8ff0880
9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087
9d13e8a0057fd70ca9b7fe86581fc260d7f14ea54c8c3aec12b94d32f1769433
9efa485cccd86861c3b06cc5777d0a70bbf395bc3fc4b22972479b4e18e2f7b5
a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3
a2da270bc79a1290e19d4eba107784f6587dfcf542e0a96f7efca31c1f1fb9df
b24220a1cbe811e074f353e3e39612513c31cf3cfdd51cda1d247e55dcf73611
b373def15fab9a8b38cdabdc83342c3c1a9ee0de7d3ae4c7f3eaddfa132d2457
b484022aa24f4205039d0e25d9175b74088372028870979e8c9618f7ce847a66
b8ddfe2786718750e37a2a7d2841e4e6a110a1877e21a03675d47c591d4a7f03
c04825b8c4f9f78241ad3f636ce8d3e8a1c5069ca0666f8d1c7138ec6ef5c4f2
c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8
c19118188e47f6ed3a2cc3dc9ab3614b7fe0bcfb4919d7d643d21ccba846e2c6
cb431c51a6e7f778f9120e332a5e684f53189dd568aa2fd2dfc6713c0bcb8b2f
cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d0a67e7fe073b9abd646d15f49c56cf92a8cd280502a588b0a7bdf3d0aa7ebfc
da2bdcb3a3e13d551a1ec3641b12d134fbf93a34802b2a13bd0d22f96c94a06c
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
edfc1513d7a0cbd22b90ef24f58a80c80d9fddf645a776e9124c35cc528adeaf
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f7e353eb1ac09e5d1ed5605e908a9fc18c07d59a56bee6be99285d1ad7377044
f8291c2dfd40b03e80064b0606e575b596426592287554a2a985f70430f8a230
f9425e0125b81c60d1ed89e9d1618e9ce16d19cc1661f156b9627ff10c056a8d
fee3768002d86a9c5e415fbcf4827e44ddc737c15f5bafbea87c2d73c559f4f4

itnerd.blog Open in urlscan Pro 192.0.78.25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

60 Requests

97 %HTTPS

20 %IPv6

16 Domains

23 Subdomains

21 IPs

5 Countries

494 kBTransfer

1617 kBSize

9 Cookies

15 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

itnerd.blog Open in urlscan Pro
192.0.78.25 Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

97 %
HTTPS

20 %
IPv6

16
Domains

23
Subdomains

21
IPs

5
Countries

494 kB
Transfer

1617 kB
Size

9
Cookies

60 HTTP transactions
1 data transactions