www.troyhunt.com Open in urlscan Pro
104.21.46.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner
Effective URL:
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-con...
Submission: On March 04 via api (March 4th 2024, 8:55:25 pm UTC) from US — Scanned from US

Summary HTTP 52 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 20 domains to perform 52 HTTP transactions. The main IP is 104.21.46.6, located in and belongs to CLOUDFLARENET, US. The main domain is www.troyhunt.com. The Cisco Umbrella rank of the primary domain is 978398.
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.

This is the only time www.troyhunt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	92.205.53.9 92.205.53.9	21499 (GODADDY-SXB) (GODADDY-SXB)
1 1	104.21.61.200 104.21.61.200	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.57.186 104.21.57.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	45.140.146.101 45.140.146.101	44477 (STARK-IND...) (STARK-INDUSTRIES)
1 15	104.21.46.6 104.21.46.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.25.14 104.17.25.14	() ()
7	142.251.40.206 142.251.40.206	() ()
2	72.21.91.66 72.21.91.66	() ()
1	142.251.40.168 142.251.40.168	() ()
2	151.101.65.229 151.101.65.229	() ()
1	192.0.73.2 192.0.73.2	() ()
2	142.250.80.35 142.250.80.35	() ()
1 2	142.250.80.34 142.250.80.34	() ()
1	142.250.65.230 142.250.65.230	() ()
3	142.250.81.234 142.250.81.234	() ()
1	142.250.176.196 142.250.176.196	() ()
1	142.251.35.182 142.251.35.182	() ()
1	142.250.65.161 142.250.65.161	() ()
2	142.250.72.99 142.250.72.99	() ()
52	19

1 92.205.53.9 (Strasbourg, France)

ASN21499 (GODADDY-SXB, DE)
PTR: sh20016.ispgateway.de

beautycenter-wassenberg.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.61.200 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

coin-hive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.57.186 (None, )

ASN13335 (CLOUDFLARENET, US)

coinhive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.140.146.101 (Chisinau, Moldova)

ASN44477 (STARK-INDUSTRIES, GB)
PTR: vm2027790.stark-industries.solutions

lists.clickandanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gate.getmygateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.21.46.6 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.troyhunt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN- ()

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.40.206 (None, )

ASN- ()

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.21.91.66 (None, )

ASN- ()

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.168 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.229 (None, )

ASN- ()

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (None, )

ASN- ()

www.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.35 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.34 (None, ) 1 redirects

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.230 (None, )

ASN- ()

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.81.234 (None, )

ASN- ()

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.176.196 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.182 (None, )

ASN- ()

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.161 (None, )

ASN- ()

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.72.99 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	troyhunt.com 1 redirects www.troyhunt.com — Cisco Umbrella Rank: 978398 bloghelpers.troyhunt.com Failed	766 KB
7	youtube.com www.youtube.com	1008 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
3	googleapis.com jnn-pa.googleapis.com	40 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net static.doubleclick.net	1 KB
3	cloudflare.com cdnjs.cloudflare.com	287 KB
2	jsdelivr.net cdn.jsdelivr.net	341 KB
2	twitter.com platform.twitter.com	28 KB
1	ggpht.com yt3.ggpht.com	3 KB
1	ytimg.com i.ytimg.com	47 KB
1	google.com www.google.com	20 KB
1	gravatar.com www.gravatar.com	14 KB
1	googletagmanager.com www.googletagmanager.com	94 KB
1	getmygateway.com gate.getmygateway.com — Cisco Umbrella Rank: 383679	200 B
1	clickandanalytics.com lists.clickandanalytics.com	7 KB
1	coinhive.com coinhive.com — Cisco Umbrella Rank: 863603	1 KB
1	coin-hive.com 1 redirects coin-hive.com	411 B
1	beautycenter-wassenberg.de beautycenter-wassenberg.de	2 KB
0	disqus.com Failed troyhunt.disqus.com Failed
0	statisticsong.com Failed api.statisticsong.com Failed
52	20

	Domain	Requested by
15	www.troyhunt.com	1 redirects coin-hive.com www.troyhunt.com beautycenter-wassenberg.de cdn.jsdelivr.net
7	www.youtube.com	www.troyhunt.com www.youtube.com
3	jnn-pa.googleapis.com	www.youtube.com
3	cdnjs.cloudflare.com	www.troyhunt.com cdnjs.cloudflare.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	fonts.gstatic.com	www.youtube.com
2	cdn.jsdelivr.net	www.troyhunt.com
2	platform.twitter.com	www.troyhunt.com platform.twitter.com
1	yt3.ggpht.com	www.youtube.com
1	i.ytimg.com	www.youtube.com
1	www.google.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	www.gravatar.com	www.troyhunt.com
1	www.googletagmanager.com	www.troyhunt.com
1	gate.getmygateway.com	lists.clickandanalytics.com
1	lists.clickandanalytics.com	beautycenter-wassenberg.de
1	coinhive.com	beautycenter-wassenberg.de
1	coin-hive.com	1 redirects
1	beautycenter-wassenberg.de
0	troyhunt.disqus.com Failed	beautycenter-wassenberg.de
0	bloghelpers.troyhunt.com Failed	beautycenter-wassenberg.de
0	api.statisticsong.com Failed	beautycenter-wassenberg.de
52	23

This site contains links to these domains. Also see Links.

Domain
infosec.exchange
twitter.com
www.facebook.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
reddit.com
web.archive.org
coinhive.com
www.zdnet.com
lookedon.com
www.usenix.org
webtruyenonline.com
www.cyber-threat-intelligence.com
aahora.org
en.wikipedia.org
www.netflix.com

Subject Issuer	Validity	Valid
collect.clickandanalytics.com R3	`2024-01-15` - `2024-04-14`	3 months	crt.sh
gate.getmygateway.com R3	`2024-01-15` - `2024-04-14`	3 months	crt.sh
troyhunt.com E1	`2024-02-25` - `2024-05-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Frame ID: C95BF90D54851C05D500AC238A4F2C33
Requests: 31 HTTP requests in this frame

Frame: https://www.youtube.com/embed/EhmekYj1pIY
Frame ID: 485782503E9D9DCE1DAD893D92C0D514
Requests: 19 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.troyhunt.com
Frame ID: 8B67394F8B14853B058293AD9B4994B6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Troy Hunt: I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Page URL History Show full URLs

http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner Page URL
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-... HTTP 301
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-... Page URL

Detected technologies

CoinHive (Cryptominer) Expand

Overall confidence: 100%
Detected patterns

coinhive\.com/lib

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

52
Requests

83 %
HTTPS

0 %
IPv6

20
Domains

23
Subdomains

19
IPs

3
Countries

2706 kB
Transfer

6593 kB
Size

1
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://infosec.exchange/@troyhunt
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://twitter.com/troyhunt

Search URL Search Domain Scan URL

URL: https://www.facebook.com/troyahunt

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/troyhunt

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/troyhuntdotcom

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TroyHunt

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/&text=Troy%20Hunt%3A%20I%20Now%20Own%20the%20Coinhive%20Domain.%20Here%27s%20How%20I%27m%20Fighting%20Cryptojacking%20and%20Doing%20Good%20Things%20with%20Content%20Security%20Policies.

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/&title=Troy%20Hunt%3A%20I%20Now%20Own%20the%20Coinhive%20Domain.%20Here%27s%20How%20I%27m%20Fighting%20Cryptojacking%20and%20Doing%20Good%20Things%20with%20Content%20Security%20Policies.

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20190429040938/https://coinhive.com/
Title: Coinhives's

Search URL Search Domain Scan URL

URL: http://coinhive.com/?ref=troyhunt.com
Title: coinhive.com

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/coinhive-cryptojacking-service-to-shut-down-in-march-2019/?ref=troyhunt.com
Title: And then Coinhive was gone

Search URL Search Domain Scan URL

URL: https://lookedon.com/?ref=troyhunt.com
Title: lookedon.com

Search URL Search Domain Scan URL

URL: https://www.usenix.org/system/files/sec19-bijmans.pdf?ref=troyhunt.com
Title: Inadvertently Making Cyber Criminals Rich: A Comprehensive Study of Cryptojacking Campaigns at Internet Scale

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20190430083127/https://coinhive.com/lib/coinhive.min.js
Title: the original Coinhive script

Search URL Search Domain Scan URL

URL: http://webtruyenonline.com/?ref=troyhunt.com
Title: webtruyenonline.com

Search URL Search Domain Scan URL

URL: https://www.cyber-threat-intelligence.com/publications/CCS2019-router.pdf?ref=troyhunt.com
Title: Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking

Search URL Search Domain Scan URL

URL: http://aahora.org/?ref=troyhunt.com
Title: aahora.org

Search URL Search Domain Scan URL

URL: https://twitter.com/bad_packets?ref_src=twsrc%5Etfw&ref=troyhunt.com
Title: @bad_packets

Search URL Search Domain Scan URL

URL: https://twitter.com/VriesHd/status/1040634067018895360?ref_src=twsrc%5Etfw&ref=troyhunt.com
Title: September 14, 2018

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Subrata_Roy?ref=troyhunt.com
Title: Subarta Roy

Search URL Search Domain Scan URL

URL: https://www.netflix.com/au/title/80990073?ref=troyhunt.com
Title: Bad Boy Billionaires

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner Page URL
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies HTTP 301
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://coin-hive.com/lib/coinhive.min.js HTTP 301
https://coinhive.com/lib/coinhive.min.js

Request Chain 33

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 42-alessandro-partner Show response
beautycenter-wassenberg.de/index.php/datenschutz/12-partner/ 5 KB
2 KB 263ms
236ms Document
text/html 92.205.53.9
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner
Protocol: HTTP/1.1
Server: 92.205.53.9 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: sh20016.ispgateway.de
Software: nginx /
Resource Hash: 1d53cb38456547315f630ded1392cfd0ef9e49d6d15b0059f075830f3583c6c5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Mar 2024 20:55:14 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Cache-Status: BYPASS

GET
H2

200

coinhive.min.js Show response
coinhive.com/lib/
Redirect Chain

https://coin-hive.com/lib/coinhive.min.js
https://coinhive.com/lib/coinhive.min.js

2 KB
1 KB

316ms
260ms

Script
application/x-javascript

104.21.57.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://coinhive.com/lib/coinhive.min.js
Requested by: Host: beautycenter-wassenberg.de
URL: http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner
Protocol: H2
Server: 104.21.57.186 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 39f7a131d7976b1cbbf08c89727ba5c1b5c384152ed65bc83198bca315be5a88

Request headers

accept-language: en-US,en;q=0.9
Referer: http://beautycenter-wassenberg.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 02 Nov 2021 00:44:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"806233d282cfd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrM5mmNRMeSOp37t7kXrV0%2Bm6w3dppWEsSJyqArKgHJRZfKeZxfJjjq%2F%2BmKlDwSzLRbfisBPn1%2FBRLN%2FMsft9TJYBtA8SRGsl3Vz0duMn9Qw2Ts%2FgWWebIfiJDrbOg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cf-ray: 85f4c42f4b7c13e7-ORD
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 04 Mar 2024 20:55:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OvDz%2FkSw1H5%2B05oh5U2QsiegvQEKOlyRtgbKXZc656zic%2FOpgGlB99WHy7b28SQwNnsll23B4nM9RFO4mxoRubitJ3287NVFrYMr0JGmKcV0JLCR7OQEkYc8uVeEUJbz"}],"group":"cf-nel","max_age":604800}
location: https://coinhive.com/lib/coinhive.min.js
cf-ray: 85f4c42eb9f36201-ORD
alt-svc: h3=":443"; ma=86400
content-length: 0

GET r.js
api.statisticsong.com/scripts/ 0
0

GET
H2 200 9BcW9F Show response
lists.clickandanalytics.com/ 15 KB
7 KB 591ms
257ms Script
application/javascript 45.140.146.101
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://lists.clickandanalytics.com/9BcW9F
Requested by: Host: beautycenter-wassenberg.de
URL: http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.140.146.101 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2027790.stark-industries.solutions
Software: nginx / PHP/7.4.33
Resource Hash: 94b3871c5af9ca42f481e355e3183d28ba94ef16165db7b07873248898735dd0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://beautycenter-wassenberg.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:14 GMT
content-encoding: gzip
server: nginx
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 04 Mar 2024 20:55:14 GMT

GET
H2 200 KQGrXb Show response
gate.getmygateway.com/ 0
200 B 614ms
265ms Script
application/javascript 45.140.146.101
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.getmygateway.com/KQGrXb?c=beautycenter-wassenberg.de
Requested by: Host: lists.clickandanalytics.com
URL: https://lists.clickandanalytics.com/9BcW9F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.140.146.101 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2027790.stark-industries.solutions
Software: nginx / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: http://beautycenter-wassenberg.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:15 GMT
server: nginx
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: Mon, 04 Mar 2024 20:55:15 GMT

GET
H2

200

Primary Request / Show response
www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Redirect Chain

https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

68 KB
20 KB

66ms
65ms

Document
text/html

104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Requested by

Host: coin-hive.com
URL: https://coin-hive.com/lib/coinhive.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da4dbcef978fc6142143458a7c4619fd6047ec4b50295065ccaf198d23a1493

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io .google-analytics.com .privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com .twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com .privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Request headers

Referer: http://beautycenter-wassenberg.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
cf-cache-status: REVALIDATED
cf-ray: 85f4c45108e72abe-ORD
content-encoding: br
content-security-policy: default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
content-type: text/html; charset=utf-8
date: Mon, 04 Mar 2024 20:55:23 GMT
expect-ct: max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age: 0
ghost-cache: MISS
ghost-fastly: true
nel: {"report_to":"default","max_age":10886400}
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server: cloudflare
status: 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS
x-cache-hits: 5, 0
x-content-type-options: nosniff
x-request-id: 6b3b11f8-08d5-419a-98af-2d3b7c788be2 6b3b11f8-08d5-419a-98af-2d3b7c788be2
x-served-by: cache-ams12757-AMS, cache-chi-klot8100065-CHI
x-timer: S1709034138.012953,VS0,VE97
x-xss-protection: 1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

Redirect headers

age: 3606698
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 85f4c450b8782abe-ORD
content-length: 0
content-security-policy: default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce
date: Mon, 04 Mar 2024 20:55:23 GMT
expect-ct: max-age=0, report-uri=https://troyhunt.report-uri.com/r/d/ct/reportOnly
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
ghost-age: 0
ghost-cache: MISS
ghost-fastly: true
location: /i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
nel: {"report_to":"default","max_age":10886400}
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://troyhunt.report-uri.com/a/d/g"}],"include_subdomains":true}
server: cloudflare
status: 301 Moved Permanently
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 28, 1
x-content-type-options: nosniff
x-request-id: 6550d745-e736-40ee-a1a7-cc369cbac03a 6550d745-e736-40ee-a1a7-cc369cbac03a
x-served-by: cache-ams12736-AMS, cache-chi-klot8100070-CHI
x-timer: S1705979026.943406,VS0,VE4
x-xss-protection: 1; mode=block; report=https://troyhunt.report-uri.com/r/d/xss/enforce

GET
H3 200 main.min.css
www.troyhunt.com/assets/css/ 26 KB
8 KB 69ms
68ms Stylesheet
text/css 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/assets/css/main.min.css?v=ba81fdc905

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

777cce45fc6263382451ea803a5d8f90ec653bc12c38631c85c44a4e54d00aa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 551080
content-encoding: br
x-cache: HIT, HIT
status: 200 OK
alt-svc: h3=":443"; ma=86400
ghost-fastly: true
x-request-id: 417c22d6-520b-48d6-9b78-26a28aa098dc, 417c22d6-520b-48d6-9b78-26a28aa098dc
x-served-by: cache-ams21033-AMS, cache-chi-klot8100154-CHI
last-modified: Sat, 09 Dec 2023 03:15:30 GMT
server: cloudflare
x-timer: S1709034644.570777,VS0,VE1
etag: W/"68a3-18c4c92ad0f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W2Hpf2BkFegfDzdP7UMoRLveGNYE3PNnImUWOldseqt0NR%2B1bK0t7gm4cWwaaBccLipM6iUlLMsDrltfwcTLt4ell5WJktOU%2BqdPcfYfhEty%2BIM9sKygZqXFH0%2FbQtGhGy25"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
ghost-cache: MISS
cf-ray: 85f4c4519b1d2a5d-ORD
x-cache-hits: 16, 1

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/ 100 KB
19 KB 84ms
34ms Stylesheet
text/css 104.17.25.14

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

c22cfb6520a7fdbb738632834019acf47c78b1279462c0eb4cb83bae83ecb5a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 360013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18861
last-modified: Fri, 01 Dec 2023 00:32:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "65692999-49ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FVGQko1hbUJojboGKuiJfF%2FwxbAZi%2BZG6%2Fc4DJ%2FHHRMCuohbiGOTpR1W7yRlY82jG57GIufOUePOIkqpxqanQE1Y9JyqkksMiIrIrLFQJz0ewgQvId3RnVjFQOSRJpWe6y6f7Ut"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85f4c451ee990231-ORD
expires: Sat, 22 Feb 2025 20:55:23 GMT

GET
H3 200 cards.min.css
www.troyhunt.com/public/ 39 KB
7 KB 45ms
44ms Stylesheet
text/css 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/public/cards.min.css?v=ba81fdc905

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54682e379031e7d89b632f95f6ce239060db2a9d7fce9f92638dc4a8cbd1ae41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 551423
content-encoding: br
x-cache: HIT, MISS
status: 200 OK
alt-svc: h3=":443"; ma=86400
ghost-fastly: true
x-request-id: d2adae9a-a5f5-4b93-b7da-e8923895324c, d2adae9a-a5f5-4b93-b7da-e8923895324c
x-served-by: cache-ams21040-AMS, cache-chi-klot8100112-CHI
server: cloudflare
x-timer: S1709034301.685866,VS0,VE96
etag: W/"d3c677de6b672445cc6386191937cf9b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAV%2BbzJ8FD3qc5aKdIoCvSjhp5z6F5rJ6nCmIigDXxxD4VdDhL7bwHILRbJ8P8geVGv4NOw4yUXCH11AJjX05GOtSLM1Wc5SHGiHNiKiyzddCrEE435l90yUOrBBUY45USMW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
ghost-cache: MISS
cf-ray: 85f4c4519b1e2a5d-ORD
x-cache-hits: 16, 0

GET
H3 200 Logo-2.svg
www.troyhunt.com/content/images/2017/11/ 4 KB
3 KB 69ms
68ms Image
image/svg+xml 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.troyhunt.com/content/images/2017/11/Logo-2.svg

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5375620a1478a71cc9ce052d4759f2f520290a1916d8ac91fbe71aefd21346f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 7585891
content-encoding: br
x-cache: HIT, HIT
status: 200 OK
alt-svc: h3=":443"; ma=86400
ghost-fastly: true
x-request-id: 4aabe416-2a13-4b0b-9b58-f2043cc12150, 4aabe416-2a13-4b0b-9b58-f2043cc12150
x-served-by: cache-ams21028-AMS, cache-chi-klot8100044-CHI
last-modified: Wed, 01 Nov 2017 08:13:50 GMT
server: cloudflare
x-timer: S1701999833.829922,VS0,VE2
etag: W/"ff3-15f76a4c508"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeVkXwHSXpzOuOGAx8gjejQLF7EvY0vOMDXa%2B6FG4Veum0AIi%2F73hOaS9qZXDHznBPBTxHt11POLwg%2B7ZKhIKAgobsUA57irdZmUvUlhwwdias4EjZqKBlwxB5JSukTTLfbM"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
cf-ray: 85f4c4519b1f2a5d-ORD
x-cache-hits: 50, 1

GET
H3 200 rocket-loader.min.js Show response
www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 29ms
29ms Script
application/javascript 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Tue, 27 Feb 2024 15:42:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"65de02d0-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OP9ZK8pXqP0p4HJnzgAc1F5k%2BE8fbsJpcc7GDN1kPMhvX1tSp%2FRSZnpJAh2eWmH%2BzHSeS3U1YXZodRMxYw4s49%2BD7IbC54jHGk7rBdjbJF12dI9%2BbLZjTDAkU1WGfywBLR8V"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85f4c451bb4b2a5d-ORD
expires: Wed, 06 Mar 2024 20:55:23 GMT

GET
H2 200 EhmekYj1pIY Show response
www.youtube.com/embed/ Frame 4857 90 KB
39 KB 998ms
117ms Document
text/html 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/EhmekYj1pIY

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

7887da0c14ca4680efa24be4c79035be3ea772306f8ae3901594819fcb486df0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Mar 2024 20:55:24 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 2021-03-29_17-11-30.png
www.troyhunt.com/content/images/2021/03/ 384 KB
385 KB 42ms
42ms Image
image/png 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.troyhunt.com/content/images/2021/03/2021-03-29_17-11-30.png

Requested by

Host: beautycenter-wassenberg.de
URL: http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e9ecffad6aeace8f37aa9240e4fe7723c700439ad2c0c253984a52c7775c8ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 8149915
x-cache: HIT, MISS
status: 200 OK
alt-svc: h3=":443"; ma=86400
content-length: 392979
ghost-fastly: true
x-request-id: c9a2a4f4-9ef9-4192-b787-54ef3f35a212, c9a2a4f4-9ef9-4192-b787-54ef3f35a212
x-served-by: cache-ams12731-AMS, cache-chi-klot8100110-CHI
last-modified: Mon, 29 Mar 2021 08:02:26 GMT
server: cloudflare
x-timer: S1701435809.567037,VS0,VE215
etag: W/"5ff13-1787d016583"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fyPbJ9WKOSNpROuV2PIkDSXdLBsJoc0HU6ADFpPScjA8FqxMZ%2FrWHfqUCFc45126OC%2FdYatxdZNJLnntGSOaFXRtJAcR4sU8bpjcHgy0rU1%2F92ICrb55B8GdqD672q%2Fgfaso"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85f4c451cb5f2a5d-ORD
ghost-cache: MISS
x-cache-hits: 53, 0

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 816ms
22ms Script
application/javascript 72.21.91.66

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 -, , ASN (),
Reverse DNS
Software: ECS (cha/8123) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Mon, 04 Mar 2024 20:55:24 GMT
Content-Encoding: gzip
Age: 644
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (cha/8123)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 284 KB
94 KB 852ms
69ms Script
application/javascript 142.251.40.168

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B895JNTH7Z

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

37ac6c5b9847ee53750e5178323b188e5413002ba8e779c3cf2235f9dc773db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96203
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Mar 2024 20:55:24 GMT

GET
H3 200 member-attribution.min.js Show response
www.troyhunt.com/public/ 2 KB
1 KB 54ms
50ms Script
application/javascript 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/public/member-attribution.min.js?v=ba81fdc905

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b144beb896e0d7612e0eeab489e4e682adac07cbc139924ce892bde3ccd3605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 551080
content-encoding: br
x-cache: HIT, HIT
status: 200 OK
alt-svc: h3=":443"; ma=86400
ghost-fastly: true
x-request-id: 77cc9094-47e8-446a-b692-1a7dfabe359d, 77cc9094-47e8-446a-b692-1a7dfabe359d
x-served-by: cache-ams21066-AMS, cache-chi-klot8100069-CHI
server: cloudflare
x-timer: S1709034644.659792,VS0,VE2
etag: W/"909b42c515ee6c2aece5a3f270049f98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTG7p0whmg%2BVZ2BtSCdp%2BJd4uRaHrVc1pFeKHciOQR29UuXWGbLO1VeiYkkoyme879xZhgH8qshk5kJY9B5cEiGDOb3NatvR1ArI6Ljab32rj8lGVt661495OdL4fhJjJLVr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
ghost-cache: MISS
cf-ray: 85f4c4526c1a2a5d-ORD
x-cache-hits: 15, 1

GET
H3 200 cards.min.js Show response
www.troyhunt.com/public/ 7 KB
2 KB 55ms
50ms Script
application/javascript 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/public/cards.min.js?v=ba81fdc905

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b9c762be52fed9737a319df953c29ad448a7713a31a4ba0f76ab15013512ee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 551423
content-encoding: br
x-cache: HIT, MISS
status: 200 OK
alt-svc: h3=":443"; ma=86400
ghost-fastly: true
x-request-id: 6661ec51-0b2d-4f24-8e5c-7e79a8a08567, 6661ec51-0b2d-4f24-8e5c-7e79a8a08567
x-served-by: cache-ams21080-AMS, cache-chi-klot8100069-CHI
server: cloudflare
x-timer: S1709034301.684290,VS0,VE96
etag: W/"431228c753b74a6958600d170f921e6d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDpkA%2BItDHWgsL%2BTV5ae3o4e%2Bv2oSD3sllcK9%2FxJy3sEI7Rn%2F0p0alzm1wAOwZ5ZF5FI64eb784rZHMjAWW7qHvR4EoMSf0b4ZVBiwwUx0PxT57fKBipIJ8AcvA7OABUp5iS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
ghost-cache: MISS
cf-ray: 85f4c4526c1c2a5d-ORD
x-cache-hits: 17, 0

GET
H2 200 sodo-search.min.js Show response
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/ 197 KB
67 KB 804ms
22ms Script
application/javascript 151.101.65.229

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/sodo-search.min.js

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 -, , ASN (),

Reverse DNS

Software

Resource Hash

73e90bca3350ae511b91bb029abfdc78760e164530c9cfd8f1f5e5d007a254b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Mar 2024 20:55:24 GMT
x-content-type-options: nosniff
content-encoding: br
age: 22892
x-jsd-version: 1.1.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 68063
x-served-by: cache-fra-etou8220075-FRA, cache-chi-kigq8000071-CHI
x-jsd-version-type: version
etag: W/"313b2-PGFkfSo33Bwphw9PaHfsB1kMn/Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 portal.min.js Show response
cdn.jsdelivr.net/ghost/portal@~2.37/umd/ 1 MB
274 KB 850ms
68ms Script
application/javascript 151.101.65.229

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 -, , ASN (),

Reverse DNS

Software

Resource Hash

f1a5e1e3bdfd3af9d40dbcef2b777bcc500a214b64c147a174c7f40e93722782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Mar 2024 20:55:24 GMT
x-content-type-options: nosniff
content-encoding: br
age: 33281
x-jsd-version: 2.37.4
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 280466
x-served-by: cache-fra-etou8220116-FRA, cache-chi-kigq8000071-CHI
x-jsd-version-type: version
etag: W/"10e5f4-ChK/X9hb5bIWatOu2+hfNYwjpeY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 normal.woff2
www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/400/ 25 KB
25 KB 120ms
116ms Font
text/plain 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/400/normal.woff2

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e968bf7c38b4daa1237fc8b177f917857aa3e92f772536fa6d004d40cea7a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COb6rgAylaxEMo%2FE2TyqrrkQHPsgWEmHGcKZitaXg1FKGpsSR88uI1%2FAoFd%2F%2BEgclLEK65eA0k8BUGuQP9znh8nNY0E%2F6R8VLDlbnzk6wRee5Hmz4o6k8ft8jq52co2T2Fcv"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 85f4c4526c1d2a5d-ORD
alt-svc: h3=":443"; ma=86400
content-length: 25644

GET
H3 200 italic.woff2
www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/400/ 25 KB
26 KB 124ms
121ms Font
text/plain 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/400/italic.woff2

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

870f57e1f241d2592f489802c86cb3acce1ce3de6573cfcfeba545df404781fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkaHKsqPDPTlm2xj1h84O1JJmHlL0h62EVYv9qx49gye8dhnX4fHFCbFCj%2B3%2FuO%2F4eSDDEBEkn5TG6%2FEVDDKTLpHD2AWCjP5fIsxXT3aytBmNXeKOthVufXncVVxWUTSGSx5"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 85f4c4526c212a5d-ORD
alt-svc: h3=":443"; ma=86400
content-length: 25824

GET
H2 200 c5531bfb7d76cdaa370c7baf6053288d
www.gravatar.com/avatar/ 14 KB
14 KB 803ms
23ms Image
image/jpeg 192.0.73.2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gravatar.com/avatar/c5531bfb7d76cdaa370c7baf6053288d?s=250&d=mm&r=x
Requested by: Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f3064dd5680bab4cd9e72377af0195736ab0ad25cfd4c0fc202361da27cbe6c2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-nc: HIT mdw 1
date: Mon, 04 Mar 2024 20:55:24 GMT
last-modified: Thu, 09 Dec 2021 09:20:52 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="c5531bfb7d76cdaa370c7baf6053288d.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/c5531bfb7d76cdaa370c7baf6053288d?s=250&d=mm&r=x>; rel="canonical"
content-length: 14191
alt-svc: h3=":443"; ma=86400
expires: Mon, 04 Mar 2024 21:00:24 GMT

GET
H2 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/ 115 KB
115 KB 33ms
29ms Font
application/octet-stream 104.17.25.14

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 362425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 117372
last-modified: Fri, 01 Dec 2023 00:32:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "65692999-1ca7c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tQOYyf9dy8iGJe4lhD%2FqSRMUcDBqlBP2x7epo1Um%2BmySJMohrmIh21i4Q6w9tZWEFEGvNvB4xmOXepgdKRemQ3uLs2KdsLV%2FLFogpTWiv368MDPo9plZpNrOO0zgqKPhJ8QTy0l"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85f4c4526f560231-ORD
expires: Sat, 22 Feb 2025 20:55:23 GMT

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/ 153 KB
153 KB 76ms
73ms Font
application/octet-stream 104.17.25.14

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 412444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 156496
last-modified: Fri, 01 Dec 2023 00:32:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "65692999-26350"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ylDSm4V54lqm0iH%2BZdD0YGDM2rf1%2BxEIFErUDYsYCeTwb%2BxctsHBByaYL0YQ7MTeTFUkL4eo4dqccR3m7%2Bpxmppt5pAkpOqPTbdzVLQkbKTCNqQuKSY0uLzexLhypIDSP%2BVV0vPF"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85f4c4526f580231-ORD
expires: Sat, 22 Feb 2025 20:55:23 GMT

GET
H3 200 normal.woff2
www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/700/ 27 KB
27 KB 97ms
96ms Font
text/plain 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.troyhunt.com/cf-fonts/s/vollkorn/5.0.18/latin/700/normal.woff2

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40aa8ddbea69ae0f3219d023bfec811ea721bf91de9554e278512a2366bcf7a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Origin: https://www.troyhunt.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6grlwCHS7I4FnkTFK5XnfynU5Vwp0KPomEl8c3Cw3Ik4KRn5IxlzD1Yz2618zgOP8PunM1FJzpcajFOLkZ%2BV9z6cih385HyDQfylXKhoBoYD58shwQRSEaQLqSbIZmqnSuei"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 85f4c4526c222a5d-ORD
alt-svc: h3=":443"; ma=86400
content-length: 27196

GET
H3 200 image-60.png
www.troyhunt.com/content/images/2021/03/ 24 KB
25 KB 44ms
43ms Image
image/png 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.troyhunt.com/content/images/2021/03/image-60.png

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad9407164b436e63c470306e2cbd460bebcbcfe75ad1658f27491f58464df7f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 20113
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 397991
x-cache: HIT, HIT
status: 200 OK
alt-svc: h3=":443"; ma=86400
content-length: 24853
ghost-fastly: true
x-request-id: 5b221f81-1501-4d40-a314-b52f036e6c70, 847e66a8-5752-4f09-9ef5-ca93c1edea7b
x-served-by: cache-ams21065-AMS, cache-chi-klot8100048-CHI
last-modified: Wed, 31 Mar 2021 02:18:38 GMT
server: cloudflare
x-timer: S1709187732.222424,VS0,VE1
etag: W/"6115-17886135c00"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYxKtT4J69s0z3of2Ct77XXyZlcZz3PjPPVTnAUItslQwO%2FOYxB2luAu1brUmWdRqsoch37Z8US8WUzEYButG%2FEeFNCc92AyZxMg3y%2FLeAZOVH64%2BSKxKzvV0qXnNz3uGNWZ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85f4c452ac862a5d-ORD
ghost-cache: HIT
x-cache-hits: 1, 1

GET
H3 200 image-61.png
www.troyhunt.com/content/images/2021/03/ 22 KB
22 KB 67ms
66ms Image
image/png 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.troyhunt.com/content/images/2021/03/image-61.png

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caaa2e63ec08517897a85093ab844e85d5f617de24e3d5612fc2e113d9484791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 343595
x-cache: HIT, HIT
status: 200 OK
alt-svc: h3=":443"; ma=86400
content-length: 22256
ghost-fastly: true
x-request-id: 17a4ca52-ed1c-4666-b73a-fdf1511892fb, 17a4ca52-ed1c-4666-b73a-fdf1511892fb
x-served-by: cache-ams12781-AMS, cache-chi-klot8100166-CHI
last-modified: Wed, 31 Mar 2021 02:19:10 GMT
server: cloudflare
x-timer: S1709242129.547657,VS0,VE1
etag: W/"56f0-1788613d7be"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDtZHvcB3Zh2Qy2%2Bz0K2gzkfJftBq2kmIOqPsxbGQ8AZch%2BIAZZ1YHsm74XJEyPXe3TwgFarVWws1HwbTSL08gCPRBZxBSX9j3Li5CFbq95Y3OCNRaa%2FzILr%2FyQc8h1CLO54"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85f4c452ac8a2a5d-ORD
ghost-cache: MISS
x-cache-hits: 134, 1

GET
H3 200 image-62.png
www.troyhunt.com/content/images/size/w1000/2021/03/ 208 KB
209 KB 57ms
56ms Image
image/png 104.21.46.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.troyhunt.com/content/images/size/w1000/2021/03/image-62.png

Requested by

Host: www.troyhunt.com
URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.46.6 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9fb00faffe841e0eb30c2f66fd11b313d0c0606ce495bdd4a4ee61066c9e069

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

ghost-age: 0
date: Mon, 04 Mar 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 2985794
x-cache: HIT, MISS
status: 200 OK
alt-svc: h3=":443"; ma=86400
content-length: 213055
ghost-fastly: true
x-request-id: 99cab662-992c-46cc-9e11-8e343f5b61a6, 99cab662-992c-46cc-9e11-8e343f5b61a6
x-served-by: cache-ams12750-AMS, cache-chi-klot8100079-CHI
last-modified: Wed, 31 Mar 2021 02:27:19 GMT
server: cloudflare
x-timer: S1706599929.189646,VS0,VE232
etag: W/"3403f-178861b4cef"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sP9%2BSCXreh3UHiR856rDJ26HUH1FVeLBedMfQDpXjNAGYuppQfeTvotJKfWTiIKqBF%2FcP5oiD6NQWZztilZyK5wawPL3tdCUy9QM1Q0qMcWQXTxtXT9uY4iU3%2F0LLF9em5bf"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85f4c452ac8b2a5d-ORD
ghost-cache: MISS
x-cache-hits: 26, 0

GET
H2 200 www-player.css
www.youtube.com/s/player/31eb286a/ Frame 4857 366 KB
47 KB 40ms
39ms Stylesheet
text/css 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/31eb286a/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

af92e92bdd6eb796c55b3aab8839b33b92fd40828d2a59359c81d979e55c98c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 11:58:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32218
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47553
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 05:18:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 04 Mar 2025 11:58:26 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4857 15 KB
16 KB 326ms
39ms Font
font/woff2 142.250.80.35

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.35 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Thu, 29 Feb 2024 09:15:49 GMT
x-content-type-options: nosniff
age: 387575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Feb 2025 09:15:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4857 15 KB
15 KB 333ms
46ms Font
font/woff2 142.250.80.35

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.35 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 00:10:52 GMT
x-content-type-options: nosniff
age: 333872
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Mar 2025 00:10:52 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/ Frame 4857 53 KB
16 KB 87ms
86ms Script
text/javascript 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3431bee7e5352c420329536cc14790e5eded608e2b94b77e5506952b6ff65dff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 08:25:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 476998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16765
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 05:18:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Feb 2025 08:25:26 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/31eb286a/www-embed-player.vflset/ Frame 4857 319 KB
95 KB 112ms
112ms Script
text/javascript 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/31eb286a/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e17e6c412d2159ad058eea653b9286f8617781dd517dd07b2171d669c8c7075a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 08:25:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 477021
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97346
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 05:18:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Feb 2025 08:25:03 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/ Frame 4857 2 MB
777 KB 40ms
40ms Script
text/javascript 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1b3ab64c0a9c3d39734e3311b6c816d6383e3659944c61db0becf54128011153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 12:53:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28939
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795505
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 05:18:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 04 Mar 2025 12:53:05 GMT

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 4857
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

54ms
53ms

XHR
application/json

142.250.80.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Server

142.250.80.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

86b18a56f89afec5d55dddef1b88ab95d2302883f1dfa6f31a9bcfdab8a59672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 04 Mar 2024 20:55:24 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 4857 29 B
495 B 125ms
38ms Script
text/javascript 142.250.65.230

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/31eb286a/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.230 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:51:25 GMT
x-content-type-options: nosniff
age: 239
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Mar 2024 21:06:25 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 134ms
48ms Preflight
text/html 142.250.81.234

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.234 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 04 Mar 2024 20:55:24 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4857 86 KB
40 KB 54ms
53ms XHR
application/json+protobuf 142.250.81.234

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.234 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

d64025d0723d50aed07006e8e6f05e7ee08d73c3fdd346f5490099fc99a84a1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40439
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/ Frame 4857 117 KB
33 KB 39ms
39ms Script
text/javascript 142.251.40.206

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.206 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

981413e51edc49d3d5a048d113f0a9915a8c0ccaf1bcef6f657948fd4017a798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 08:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 477051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33834
x-xss-protection: 0
last-modified: Wed, 28 Feb 2024 05:18:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 27 Feb 2025 08:24:33 GMT

GET
H2 200 fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js Show response
www.google.com/js/th/ Frame 4857 50 KB
20 KB 135ms
38ms Script
text/javascript 142.250.176.196

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/fSwQ49dNtQ0TRgWZKHlAIhVKPl4K4-2hZ-2qmgklZeM.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.196 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7d2c10e3d74db50d1346059928794022154a3e5e0ae3eda167edaa9a092565e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Sat, 02 Mar 2024 08:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19770
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 02 Mar 2025 08:22:21 GMT

GET
H2 200 maxresdefault.webp
i.ytimg.com/vi_webp/EhmekYj1pIY/ Frame 4857 47 KB
47 KB 146ms
58ms Image
image/webp 142.251.35.182

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/EhmekYj1pIY/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.182 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b8a641689b38fa201a897a7c2eac93ea317e49a05b7751d96a59e8afebe89520

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47972
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 04 Mar 2024 22:55:24 GMT

GET
DATA 200
OK truncated
/ Frame 4857 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AIdro_kHIQbPaZlBO7BZRnzDROM7PsRV3TMgL5zU1XNVUw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 4857 3 KB
3 KB 125ms
37ms Image
image/jpeg 142.250.65.161

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AIdro_kHIQbPaZlBO7BZRnzDROM7PsRV3TMgL5zU1XNVUw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.161 -, , ASN (),

Reverse DNS

Software

fife /

Resource Hash

546696214adcbc74f1b30e84ecd217c7e9b362a807cea623935ea187f4f0cec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 19:12:55 GMT
x-content-type-options: nosniff
age: 6149
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2971
x-xss-protection: 0
server: fife
etag: "v452"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 05 Mar 2024 19:12:55 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 4857 4 KB
2 KB 159ms
66ms Script
text/javascript 142.250.72.99

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/31eb286a/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.99 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Mar 2024 20:55:24 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 4857 0
10 B 38ms
38ms Image
text/plain 142.251.40.206

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?FzShwA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/EhmekYj1pIY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.206 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/EhmekYj1pIY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 20:55:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
45ms Preflight
text/html 142.250.81.234

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.234 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 04 Mar 2024 20:55:25 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4857 0
0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/122/ Frame 4857 50 KB
15 KB 41ms
40ms Script
text/javascript 142.250.72.99

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/122/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.99 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 00:09:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14711
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 16:03:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 05 Mar 2024 00:09:17 GMT

GET BlogData
bloghelpers.troyhunt.com/api/ 0
0

GET embed.js
troyhunt.disqus.com/ 0
0

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 8B67 0
0 25ms
24ms Document
text/html 72.21.91.66

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.troyhunt.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 -, , ASN (),
Reverse DNS
Software: ECS (cha/818C) /
Resource Hash

Request headers

Referer: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 7270438
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Mar 2024 20:55:25 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/818C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET portal.min.js
cdn.jsdelivr.net/ghost/portal@~2.37/umd/ 0
0

GET /
www.troyhunt.com/members/api/member/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.statisticsong.com
URL: https://api.statisticsong.com/scripts/r.js

Domain: jnn-pa.googleapis.com
URL: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Domain: bloghelpers.troyhunt.com
URL: https://bloghelpers.troyhunt.com/api/BlogData

Domain: troyhunt.disqus.com
URL: https://troyhunt.disqus.com/embed.js

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js

Domain: www.troyhunt.com
URL: https://www.troyhunt.com/members/api/member/

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.coinhive.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 03963ce27d7e61ba2faedf29084ba653fe80545d8491c3a95279cd32d117fede

19 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.statisticsong.com/scripts/r.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: http://beautycenter-wassenberg.de/index.php/datenschutz/12-partner/42-alessandro-partner Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: about:blank Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://platform.twitter.com/widgets.js(Line 7) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.statisticsong.com
beautycenter-wassenberg.de
bloghelpers.troyhunt.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
coin-hive.com
coinhive.com
fonts.gstatic.com
gate.getmygateway.com
googleads.g.doubleclick.net
i.ytimg.com
jnn-pa.googleapis.com
lists.clickandanalytics.com
platform.twitter.com
static.doubleclick.net
troyhunt.disqus.com
www.google.com
www.googletagmanager.com
www.gravatar.com
www.gstatic.com
www.troyhunt.com
www.youtube.com
yt3.ggpht.com
api.statisticsong.com
bloghelpers.troyhunt.com
cdn.jsdelivr.net
jnn-pa.googleapis.com
troyhunt.disqus.com
www.troyhunt.com
104.17.25.14
104.21.46.6
104.21.57.186
104.21.61.200
142.250.176.196
142.250.65.161
142.250.65.230
142.250.72.99
142.250.80.34
142.250.80.35
142.250.81.234
142.251.35.182
142.251.40.168
142.251.40.206
151.101.65.229
192.0.73.2
45.140.146.101
72.21.91.66
92.205.53.9
0b144beb896e0d7612e0eeab489e4e682adac07cbc139924ce892bde3ccd3605
0e9ecffad6aeace8f37aa9240e4fe7723c700439ad2c0c253984a52c7775c8ad
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1b3ab64c0a9c3d39734e3311b6c816d6383e3659944c61db0becf54128011153
1d53cb38456547315f630ded1392cfd0ef9e49d6d15b0059f075830f3583c6c5
3431bee7e5352c420329536cc14790e5eded608e2b94b77e5506952b6ff65dff
37ac6c5b9847ee53750e5178323b188e5413002ba8e779c3cf2235f9dc773db1
39f7a131d7976b1cbbf08c89727ba5c1b5c384152ed65bc83198bca315be5a88
3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40aa8ddbea69ae0f3219d023bfec811ea721bf91de9554e278512a2366bcf7a3
4da4dbcef978fc6142143458a7c4619fd6047ec4b50295065ccaf198d23a1493
5375620a1478a71cc9ce052d4759f2f520290a1916d8ac91fbe71aefd21346f9
546696214adcbc74f1b30e84ecd217c7e9b362a807cea623935ea187f4f0cec0
54682e379031e7d89b632f95f6ce239060db2a9d7fce9f92638dc4a8cbd1ae41
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
73e90bca3350ae511b91bb029abfdc78760e164530c9cfd8f1f5e5d007a254b4
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
777cce45fc6263382451ea803a5d8f90ec653bc12c38631c85c44a4e54d00aa9
7887da0c14ca4680efa24be4c79035be3ea772306f8ae3901594819fcb486df0
7b9c762be52fed9737a319df953c29ad448a7713a31a4ba0f76ab15013512ee6
7d2c10e3d74db50d1346059928794022154a3e5e0ae3eda167edaa9a092565e3
86b18a56f89afec5d55dddef1b88ab95d2302883f1dfa6f31a9bcfdab8a59672
870f57e1f241d2592f489802c86cb3acce1ce3de6573cfcfeba545df404781fc
8e968bf7c38b4daa1237fc8b177f917857aa3e92f772536fa6d004d40cea7a7e
94b3871c5af9ca42f481e355e3183d28ba94ef16165db7b07873248898735dd0
981413e51edc49d3d5a048d113f0a9915a8c0ccaf1bcef6f657948fd4017a798
9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2
ad9407164b436e63c470306e2cbd460bebcbcfe75ad1658f27491f58464df7f5
af92e92bdd6eb796c55b3aab8839b33b92fd40828d2a59359c81d979e55c98c4
b8a641689b38fa201a897a7c2eac93ea317e49a05b7751d96a59e8afebe89520
c22cfb6520a7fdbb738632834019acf47c78b1279462c0eb4cb83bae83ecb5a7
c9fb00faffe841e0eb30c2f66fd11b313d0c0606ce495bdd4a4ee61066c9e069
caaa2e63ec08517897a85093ab844e85d5f617de24e3d5612fc2e113d9484791
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d64025d0723d50aed07006e8e6f05e7ee08d73c3fdd346f5490099fc99a84a1d
e17e6c412d2159ad058eea653b9286f8617781dd517dd07b2171d669c8c7075a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f1a5e1e3bdfd3af9d40dbcef2b777bcc500a214b64c147a174c7f40e93722782
f3064dd5680bab4cd9e72377af0195736ab0ad25cfd4c0fc202361da27cbe6c2

www.troyhunt.com Open in urlscan Pro 104.21.46.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

83 %HTTPS

0 %IPv6

20 Domains

23 Subdomains

19 IPs

3 Countries

2706 kBTransfer

6593 kBSize

1 Cookies

23 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.troyhunt.com Open in urlscan Pro
104.21.46.6 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

83 %
HTTPS

0 %
IPv6

20
Domains

23
Subdomains

19
IPs

3
Countries

2706 kB
Transfer

6593 kB
Size

1
Cookies

52 HTTP transactions
1 data transactions