blog.majcica.com Open in urlscan Pro
2a01:238:20a:202:1159:: Public Scan

Go To Rescan
Add Verdict Report

URL:
http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Submission: On August 15 via manual (August 15th 2023, 12:33:46 pm UTC) from CH — Scanned from DE

Summary HTTP 56 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 13 domains to perform 56 HTTP transactions. The main IP is 2a01:238:20a:202:1159::, located in Germany and belongs to STRATO STRATO AG, DE. The main domain is blog.majcica.com.

This is the only time blog.majcica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	2a01:238:20a:... 2a01:238:20a:202:1159::	6724 (STRATO ST...) (STRATO STRATO AG)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
2	141.98.82.232 141.98.82.232	209588 (FLYSERVER...) (FLYSERVERS-ASN)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
56	9

28 2a01:238:20a:202:1159:: (Germany)

ASN6724 (STRATO STRATO AG, DE)

blog.majcica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

2.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.98.82.232 (Panama)

ASN209588 (FLYSERVERS-ASN, PA)

myownshop.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

elitepartnerfinders.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	majcica.com blog.majcica.com	729 KB
8	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3935	30 KB
4	gstatic.com fonts.gstatic.com	55 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 ajax.googleapis.com — Cisco Umbrella Rank: 392	33 KB
2	elitepartnerfinders.top elitepartnerfinders.top — Cisco Umbrella Rank: 429131	7 KB
2	myownshop.at myownshop.at	3 KB
2	gravatar.com 2.gravatar.com — Cisco Umbrella Rank: 10153 0.gravatar.com — Cisco Umbrella Rank: 8027	4 KB
0	Failed function sub() { [native code] }. Failed
0	uads.shop Failed uads.shop Failed
0	techmarket.ink Failed techmarket.ink Failed
0	amads.fun Failed amads.fun Failed
0	amads.uno Failed amads.uno Failed
0	amads.buzz Failed amads.buzz Failed
56	13

	Domain	Requested by
28	blog.majcica.com	blog.majcica.com elitepartnerfinders.top
8	static.addtoany.com	blog.majcica.com static.addtoany.com
4	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	blog.majcica.com elitepartnerfinders.top
2	elitepartnerfinders.top	blog.majcica.com elitepartnerfinders.top
2	myownshop.at	blog.majcica.com
1	ajax.googleapis.com	blog.majcica.com
1	0.gravatar.com	blog.majcica.com
1	2.gravatar.com	blog.majcica.com
0	5.188.62.157 Failed	blog.majcica.com
0	uads.shop Failed	blog.majcica.com
0	techmarket.ink Failed	blog.majcica.com
0	amads.fun Failed	blog.majcica.com
0	amads.uno Failed	blog.majcica.com
0	amads.buzz Failed	blog.majcica.com
56	15

This site contains links to these domains. Also see Links.

Domain
www.addtoany.com
www.machothemes.com
wordpress.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
elitepartnerfinders.top GTS CA 1P5	`2023-08-02` - `2023-10-31`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Frame ID: F5FC8EF21B38E170A0621540B90B0AF5
Requests: 55 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: D73C9A4CB92BED52C38BF5158934DC4C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Persisting sensitive information with PowerShell – Mummy's blog

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

WP-Statistics (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<!-- Analytics by WP-Statistics v([\d.]+) -

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

56
Requests

21 %
HTTPS

88 %
IPv6

13
Domains

15
Subdomains

9
IPs

4
Countries

860 kB
Transfer

974 kB
Size

12
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.addtoany.com/share#url=http%3A%2F%2Fblog.majcica.com%2F2017%2F11%2F07%2Fpersisting-sensitive-information-with-powershell%2F&title=Persisting%20sensitive%20information%20with%20PowerShell
Title: Share

Search URL Search Domain Scan URL

URL: https://www.machothemes.com/themes/decode/
Title: Decode Theme

Search URL Search Domain Scan URL

URL: https://www.machothemes.com/
Title: Macho Themes

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/ 63 KB
64 KB 1314ms
1190ms Document
text/html 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) / PHP/8.0.29
Resource Hash: bb7f45e35c5fbcc824b39f4bd7bfdd3f63d4ca66a273d24355f8ae3c083f11b7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 15 Aug 2023 12:33:40 GMT
Keep-Alive: timeout=3, max=100
Link: <http://blog.majcica.com/wp-json/>; rel="https://api.w.org/" <http://blog.majcica.com/wp-json/wp/v2/posts/1233>; rel="alternate"; type="application/json" <http://blog.majcica.com/?p=1233>; rel=shortlink
Server: Apache/2.4.57 (Unix)
Transfer-Encoding: chunked
Vary: User-Agent
X-Pingback: http://blog.majcica.com/xmlrpc.php
X-Powered-By: PHP/8.0.29

GET
H/1.1 200
OK style.min.css
blog.majcica.com/wp-includes/css/dist/block-library/ 81 KB
82 KB 108ms
67ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.2
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sun, 20 Mar 2022 11:10:09 GMT
Server: Apache/2.4.57 (Unix)
ETag: "145a9-5daa46c42dd82"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 83369

GET
H/1.1 200
OK styles.css
blog.majcica.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
3 KB 112ms
71ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:52 GMT
Server: Apache/2.4.57 (Unix)
ETag: "aab-5d7cfb8379959"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 2731

GET
H/1.1 200
OK icomoon.css
blog.majcica.com/wp-content/themes/decode/assets/ 966 B
1 KB 89ms
47ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 5f869bbc8975d7d802b3eab6fc9b5906049413ad3b1f417c643eeb19f78f2778

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Tue, 01 Nov 2016 11:21:59 GMT
Server: Apache/2.4.57 (Unix)
ETag: "3c6-5403b886323c0"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 966

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
blog.majcica.com/wp-includes/js/ 18 KB
18 KB 44ms
44ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.2
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 22 Sep 2021 06:00:13 GMT
Server: Apache/2.4.57 (Unix)
ETag: "4705-5cc8f3a47d760"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 18181

GET
H/1.1 200
OK style.css
blog.majcica.com/wp-content/themes/decode/ 40 KB
40 KB 89ms
48ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/style.css?ver=3.0.7
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 121e43a93a157cd5cc626ad5fd78c1c32fbc09b18fe6f03189e6c1fc502e9d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Tue, 01 Nov 2016 11:22:00 GMT
Server: Apache/2.4.57 (Unix)
ETag: "9e18-5403b88726600"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 40472

GET
H/1.1 200
OK css
fonts.googleapis.com/ 728 B
978 B 92ms
51ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Requested by

Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a8e6f593f86690ea7188764b2684e0c134217347c68aadc31eb3e877b896561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Tue, 15 Aug 2023 12:33:41 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 15 Aug 2023 12:33:41 GMT

GET
H/1.1 200
OK addtoany.min.css
blog.majcica.com/wp-content/plugins/add-to-any/ 1 KB
2 KB 88ms
47ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:39 GMT
Server: Apache/2.4.57 (Unix)
ETag: "5ef-5d7cfb77172db"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 1519

GET
H/1.1 200
OK enlighterjs.min.css
blog.majcica.com/wp-content/plugins/enlighter/cache/ 78 KB
78 KB 101ms
49ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=XVZzIJcreFYcl9L
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 20 Jan 2021 08:52:30 GMT
Server: Apache/2.4.57 (Unix)
ETag: "13686-5b951134efaba"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 79494

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 141ms
50ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92545ae7b38b727089c99033d3557a18ee913a608fe8b26fb24973eb8660f17d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7463
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 10:28:36 GMT
server: cloudflare
etag: W/"c09-6027af130ca25"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 7f7177abb9261c73-FRA

GET
H/1.1 200
OK jquery.min.js Show response
blog.majcica.com/wp-includes/js/jquery/ 87 KB
88 KB 129ms
55ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 22 Sep 2021 06:00:13 GMT
Server: Apache/2.4.57 (Unix)
ETag: "15db1-5cc8f3a42ed68"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 89521

GET
H/1.1 200
OK jquery-migrate.min.js Show response
blog.majcica.com/wp-includes/js/jquery/ 11 KB
11 KB 128ms
53ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 20 Jan 2021 08:47:26 GMT
Server: Apache/2.4.57 (Unix)
ETag: "2bd8-5b951012a5096"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 11224

GET
H/1.1 200
OK addtoany.min.js Show response
blog.majcica.com/wp-content/plugins/add-to-any/ 129 B
423 B 47ms
46ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:39 GMT
Server: Apache/2.4.57 (Unix)
ETag: "81-5d7cfb7717abc"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 129

GET
H/1.1 200
OK jscripts.php Show response
blog.majcica.com/wp-content/plugins/wp-spamshield/js/ 773 B
1 KB 153ms
65ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/wp-spamshield/js/jscripts.php
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) / PHP/8.0.29
Resource Hash: dbff254ee18676f8b11663832255a05508b27be0c1b23d69ee35b46c40c96faa

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Aug 2023 12:33:41 GMT
Content-Encoding: gzip
Server: Apache/2.4.57 (Unix)
X-Powered-By: PHP/8.0.29
Surrogate-Control: no-cache, must-revalidate, max-age=0
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0, no-transform
Connection: Keep-Alive
X-Robots-Tag: none
Keep-Alive: timeout=3, max=99
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK encrypt-decrypt.png
blog.majcica.com/wp-content/uploads/2017/11/ 25 KB
25 KB 58ms
58ms Image
image/png 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://blog.majcica.com/wp-content/uploads/2017/11/encrypt-decrypt.png
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: c56f5d45b9538cda781ca8fc54787593a27e9d0b9ed8620dddeab9a8b9f1055b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Tue, 07 Nov 2017 15:22:30 GMT
Server: Apache/2.4.57 (Unix)
ETag: "62a2-55d6623aad980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 25250

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
blog.majcica.com/wp-includes/js/dist/vendor/ 6 KB
7 KB 60ms
60ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:31:43 GMT
Server: Apache/2.4.57 (Unix)
ETag: "195e-5d7cfb08b2307"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 6494

GET
H/1.1 200
OK wp-polyfill.min.js Show response
blog.majcica.com/wp-includes/js/dist/vendor/ 19 KB
19 KB 47ms
47ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:31:43 GMT
Server: Apache/2.4.57 (Unix)
ETag: "4b3d-5d7cfb08b36bf"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 19261

GET
H/1.1 200
OK index.js Show response
blog.majcica.com/wp-content/plugins/contact-form-7/includes/js/ 9 KB
10 KB 53ms
52ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:52 GMT
Server: Apache/2.4.57 (Unix)
ETag: "25f8-5d7cfb8391095"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 9720

GET
H/1.1 200
OK decode.js Show response
blog.majcica.com/wp-content/themes/decode/scripts/ 9 KB
10 KB 54ms
53ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/scripts/decode.js?ver=3.0.9
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: bbc8e51701b9f491b018dcab9a1658033652a6a0880d7dcea0f821c3324a995e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Tue, 01 Nov 2016 11:22:00 GMT
Server: Apache/2.4.57 (Unix)
ETag: "25f7-5403b88726600"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 9719

GET
H/1.1 200
OK comment-reply.min.js Show response
blog.majcica.com/wp-includes/js/ 3 KB
3 KB 45ms
44ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/js/comment-reply.min.js?ver=5.9.2
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Sat, 12 Feb 2022 10:31:44 GMT
Server: Apache/2.4.57 (Unix)
ETag: "ba3-5d7cfb0950e03"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 2979

GET
H/1.1 200
OK enlighterjs.min.js Show response
blog.majcica.com/wp-content/plugins/enlighter/cache/ 57 KB
57 KB 48ms
47ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=XVZzIJcreFYcl9L
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 20 Jan 2021 08:52:30 GMT
Server: Apache/2.4.57 (Unix)
ETag: "e33f-5b951134f0e58"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 58175

GET
H/1.1 200
OK jscripts-ftr-min.js Show response
blog.majcica.com/wp-content/plugins/wp-spamshield/js/ 1 KB
1 KB 44ms
44ms Script
application/javascript 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/wp-spamshield/js/jscripts-ftr-min.js
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 22518ff32f769e282e7b884f80b238038242e11fcd7c9ddf11a53285f6f4993a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 15:14:20 GMT
Server: Apache/2.4.57 (Unix)
ETag: "4c0-55d6606760b00"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=15552000, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 677
Expires: Wed, 14 Aug 2024 12:33:41 GMT

GET
H/1.1 200
OK 2sDfZG1Wl4LcnbuKjk0m.woff2
fonts.gstatic.com/s/oxygen/v15/ 16 KB
17 KB 79ms
40ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 13:25:26 GMT
X-Content-Type-Options: nosniff
Age: 256095
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 16348
X-XSS-Protection: 0
Last-Modified: Mon, 09 May 2022 18:31:32 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 11 Aug 2024 13:25:26 GMT

GET
H/1.1 200
OK icomoon.ttf
blog.majcica.com/wp-content/themes/decode/assets/fonts/ 2 KB
2 KB 59ms
49ms Font
application/octet-stream 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/assets/fonts/icomoon.ttf?o9j7xi
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 9f75f1b0ed8a63004bb1eeae94e1d0727b46d3e08d2e69b3c34473a25fa7f1c0

Request headers

Referer: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Tue, 01 Nov 2016 11:21:59 GMT
Server: Apache/2.4.57 (Unix)
ETag: "718-5403b886323c0"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 1816

GET
H/1.1 200
OK 2sDfZG1Wl4LcnbuKgE0mV0Q.woff2
fonts.gstatic.com/s/oxygen/v15/ 10 KB
11 KB 79ms
40ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKgE0mV0Q.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b426b678ce92476bc90e1843469f4a1162150a9b149fc60dbd1189dec5bb575f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Fri, 11 Aug 2023 18:13:01 GMT
X-Content-Type-Options: nosniff
Age: 325240
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 10084
X-XSS-Protection: 0
Last-Modified: Mon, 09 May 2022 18:29:49 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 10 Aug 2024 18:13:01 GMT

GET
H/1.1 200
OK 8a53093a163d775886f698c9a0e729ad
2.gravatar.com/avatar/ 1 KB
2 KB 90ms
39ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://2.gravatar.com/avatar/8a53093a163d775886f698c9a0e729ad?s=64&d=mm&r=g
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: bc4702db6b8a843db4682823c92cd49834a8e4966df210d2711f8a0ca4ddd633

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-nc: HIT hhn 1
Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Server: nginx
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Content-Disposition: inline; filename="8a53093a163d775886f698c9a0e729ad.png"
Connection: keep-alive
Accept-Ranges: bytes
Link: <https://www.gravatar.com/avatar/8a53093a163d775886f698c9a0e729ad?s=64&d=mm&r=g>; rel="canonical"
Content-Length: 1163
Expires: Tue, 15 Aug 2023 12:38:41 GMT

GET
H/1.1 200
OK 06eea427b6275ea0173347c33502e9a0
0.gravatar.com/avatar/ 2 KB
2 KB 81ms
39ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://0.gravatar.com/avatar/06eea427b6275ea0173347c33502e9a0?s=64&d=mm&r=g
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: eb77b0735345f05bce43fb1a0631773daf518e66c1fa9cd9bc49367dce9894c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-nc: HIT hhn 1
Date: Tue, 15 Aug 2023 12:33:41 GMT
Last-Modified: Thu, 12 Dec 2013 13:10:21 GMT
Server: nginx
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Content-Disposition: inline; filename="06eea427b6275ea0173347c33502e9a0.jpeg"
Connection: keep-alive
Accept-Ranges: bytes
Link: <https://www.gravatar.com/avatar/06eea427b6275ea0173347c33502e9a0?s=64&d=mm&r=g>; rel="canonical"
Content-Length: 1709
Expires: Tue, 15 Aug 2023 12:38:41 GMT

POST g.php
amads.buzz/ 0
0

POST g.php
amads.uno/ 0
0

POST g.php
amads.fun/ 0
0

POST g.php
techmarket.ink/ 0
0

POST
H/1.1 200
OK g.php Show response
myownshop.at/ 2 KB
1 KB 234ms
107ms XHR
text/html 141.98.82.232
FLYSERVERS-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://myownshop.at/g.php
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 141.98.82.232 , Panama, ASN209588 (FLYSERVERS-ASN, PA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16
Resource Hash: 2f41504abf92abf1bfebb240aa102941c07f9f6a552710b594eded574cc00725

Request headers

Referer: http://blog.majcica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Content-Encoding: gzip
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 995

POST
H/1.1 200
OK g.php Show response
myownshop.at/ 2 KB
1 KB 238ms
112ms XHR
text/html 141.98.82.232
FLYSERVERS-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://myownshop.at/g.php
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: HTTP/1.1
Server: 141.98.82.232 , Panama, ASN209588 (FLYSERVERS-ASN, PA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16
Resource Hash: 2f41504abf92abf1bfebb240aa102941c07f9f6a552710b594eded574cc00725

Request headers

Referer: http://blog.majcica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 15 Aug 2023 12:33:41 GMT
Content-Encoding: gzip
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 995

POST g.php
uads.shop/ 0
0

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame D73C 677 B
541 B 69ms
66ms Document
text/html 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2227936
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7f7177ac29f11c73-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 15 Aug 2023 12:33:41 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 core.c78901bc.js Show response
static.addtoany.com/menu/modules/ 69 KB
25 KB 102ms
55ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.c78901bc.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05d18955853a018a783dde77bcf072fb4e36df5bffafefb7be0e5e97411ab092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 356189
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 10:28:35 GMT
server: cloudflare
etag: W/"1140a-6027af129c545"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 7f7177ac6db04db4-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 695 B
656 B 52ms
51ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3039182
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"2b7-5edb43f86f378"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7f7177ad2f594db4-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 447 B
568 B 55ms
54ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 356189
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:37 GMT
server: cloudflare
etag: W/"1bf-5edb43f69a778"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000, stale-while-revalidate=30
cf-ray: 7f7177ad2f5c4db4-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 318 B
501 B 56ms
56ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 356189
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"13e-5edb43f5ee978"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000, stale-while-revalidate=30
cf-ray: 7f7177ad2f5f4db4-FRA

GET
H3 200 whatsapp.js Show response
static.addtoany.com/menu/svg/icons/ 1 KB
893 B 57ms
57ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/whatsapp.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96840bd7cc7d8edd1d1ffaff60d7f335fd866cd9a6132c8524d620482f4df64a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:41 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 356189
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"471-5edb43f896478"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7f7177ad2f624db4-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
409 B 214ms
214ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://blog.majcica.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:42 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"b6-5edb43f58ee38"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000, stale-while-revalidate=30
cf-ray: 7f7177ad2f654db4-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 134ms
40ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 19:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Aug 2024 19:40:24 GMT

GET
H2 200 p.js Show response
elitepartnerfinders.top/js/push/ 19 KB
5 KB 159ms
62ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d112be22f5670582cbff8333b8999be4197939dc64eeaa1b3ebb89a4ebdce379

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:42 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sun, 12 Jul 2020 15:13:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5f0b289c-4a20"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kyg1KFjhznHrs21N4Y2EUWk75Pp%2B7vYaXN%2B6azkNxD%2BQQeDHxcDtgQVccpDjBPV9%2F2cH%2FStdg5o0oH0BjF8BdxFpOql4xa7ru%2BkBmkV6Y6xWN%2B5NTp74fqD6VPRAmwvO1wuCh2vOsUX46H462bowVE7cuN4RoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7f7177addfc803f4-FRA
alt-svc: h3=":443"; ma=86400

POST g.php
5.188.62.157/ 0
0

GET
H/1.1 200
OK style.min.css
blog.majcica.com/wp-includes/css/dist/block-library/ 81 KB
82 KB 47ms
47ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.2
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Sun, 20 Mar 2022 11:10:09 GMT
Server: Apache/2.4.57 (Unix)
ETag: "145a9-5daa46c42dd82"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 83369

GET
H/1.1 200
OK styles.css
blog.majcica.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
3 KB 55ms
51ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:52 GMT
Server: Apache/2.4.57 (Unix)
ETag: "aab-5d7cfb8379959"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 2731

GET
H/1.1 200
OK icomoon.css
blog.majcica.com/wp-content/themes/decode/assets/ 966 B
1 KB 54ms
50ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 5f869bbc8975d7d802b3eab6fc9b5906049413ad3b1f417c643eeb19f78f2778

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Tue, 01 Nov 2016 11:21:59 GMT
Server: Apache/2.4.57 (Unix)
ETag: "3c6-5403b886323c0"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=96
Content-Length: 966

GET
H/1.1 200
OK style.css
blog.majcica.com/wp-content/themes/decode/ 40 KB
40 KB 54ms
49ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/style.css?ver=3.0.7
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 121e43a93a157cd5cc626ad5fd78c1c32fbc09b18fe6f03189e6c1fc502e9d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Tue, 01 Nov 2016 11:22:00 GMT
Server: Apache/2.4.57 (Unix)
ETag: "9e18-5403b88726600"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=97
Content-Length: 40472

GET
H/1.1 200
OK css
fonts.googleapis.com/ 728 B
1 KB 56ms
49ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Requested by

Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a8e6f593f86690ea7188764b2684e0c134217347c68aadc31eb3e877b896561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Tue, 15 Aug 2023 12:33:42 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 15 Aug 2023 12:33:42 GMT

GET
H/1.1 200
OK addtoany.min.css
blog.majcica.com/wp-content/plugins/add-to-any/ 1 KB
2 KB 54ms
48ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Sat, 12 Feb 2022 10:33:39 GMT
Server: Apache/2.4.57 (Unix)
ETag: "5ef-5d7cfb77172db"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=96
Content-Length: 1519

GET
H/1.1 200
OK enlighterjs.min.css
blog.majcica.com/wp-content/plugins/enlighter/cache/ 78 KB
78 KB 55ms
48ms Stylesheet
text/css 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=XVZzIJcreFYcl9L
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Wed, 20 Jan 2021 08:52:30 GMT
Server: Apache/2.4.57 (Unix)
ETag: "13686-5b951134efaba"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=96
Content-Length: 79494

GET
H2 200 style.css
elitepartnerfinders.top/js/push/ 7 KB
2 KB 56ms
50ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elitepartnerfinders.top/js/push/style.css
Requested by: Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/p.js?u=ra9pd06&o=911nfyq&t=66&v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a02d23216c6457f31398e32ee141cc2ac5dc02597897f3ea4b2c213bcba7deb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://blog.majcica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 12:33:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Dec 2020 20:01:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5024
etag: W/"5fdfadb4-1b84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Q0nFFoJ1lQtQiHmmbhopZaQzHUmqcFOOe2s1qRhnBWmhgIBQ%2FePwND7ACSi%2BC0p%2BPIpTgQJOG2xHgymu5To3xAJOAuaPab2aoQdvwmBgQjjAEmC2EuhvDRbK9nExEYFSMpMsxnKJMpANUfSyjkotsVVgybJWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7f7177ae586b03f4-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 142ms
51ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700|Roboto:400,700&subset=cyrillic

Requested by

Host: elitepartnerfinders.top
URL: https://elitepartnerfinders.top/js/push/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b6cdbab5555764bfe125095c735b57999bfd9ca3a62ab96496c9852d6d338b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elitepartnerfinders.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 15 Aug 2023 12:33:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 12:33:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 15 Aug 2023 12:33:42 GMT

GET
H/1.1 200
OK 2sDfZG1Wl4LcnbuKjk0m.woff2
fonts.gstatic.com/s/oxygen/v15/ 16 KB
17 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 13:25:26 GMT
X-Content-Type-Options: nosniff
Age: 256096
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 16348
X-XSS-Protection: 0
Last-Modified: Mon, 09 May 2022 18:31:32 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 11 Aug 2024 13:25:26 GMT

GET
H/1.1 200
OK icomoon.ttf
blog.majcica.com/wp-content/themes/decode/assets/fonts/ 2 KB
2 KB 45ms
44ms Font
application/octet-stream 2a01:238:20a:202:1159::
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: http://blog.majcica.com/wp-content/themes/decode/assets/fonts/icomoon.ttf?o9j7xi
Requested by: Host: blog.majcica.com
URL: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Protocol: HTTP/1.1
Server: 2a01:238:20a:202:1159:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software: Apache/2.4.57 (Unix) /
Resource Hash: 9f75f1b0ed8a63004bb1eeae94e1d0727b46d3e08d2e69b3c34473a25fa7f1c0

Request headers

Referer: http://blog.majcica.com/wp-content/themes/decode/assets/icomoon.css?ver=3.0.7
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 12:33:42 GMT
Last-Modified: Tue, 01 Nov 2016 11:21:59 GMT
Server: Apache/2.4.57 (Unix)
ETag: "718-5403b886323c0"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=96
Content-Length: 1816

GET
H/1.1 200
OK 2sDfZG1Wl4LcnbuKgE0mV0Q.woff2
fonts.gstatic.com/s/oxygen/v15/ 10 KB
11 KB 39ms
39ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKgE0mV0Q.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oxygen&ver=5.9.2

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b426b678ce92476bc90e1843469f4a1162150a9b149fc60dbd1189dec5bb575f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://blog.majcica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Fri, 11 Aug 2023 18:13:01 GMT
X-Content-Type-Options: nosniff
Age: 325241
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 10084
X-XSS-Protection: 0
Last-Modified: Mon, 09 May 2022 18:29:49 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sat, 10 Aug 2024 18:13:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: amads.buzz
URL: http://amads.buzz/g.php

Domain: amads.uno
URL: http://amads.uno/g.php

Domain: amads.fun
URL: http://amads.fun/g.php

Domain: techmarket.ink
URL: http://techmarket.ink/g.php

Domain: uads.shop
URL: http://uads.shop/g.php

Domain: 5.188.62.157
URL: http://5.188.62.157/g.php

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell	1970-01-20 22:48:45	Name: xads_platf_t Value: 7
blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell	1970-01-20 22:48:45	Name: xads_platf_fp Value: /cpbAts3upiayH0bDJDugTJ61l3924PLMVxYdQCI9e4hnV8QcQkehf7dGMAfc4JbLiG1jDAjMo0NWFR7FxrB/55KaUfpn8Xk2bzBmhLKO3TaaU2ujavNgPJaH0lK9LkYMP1thD9DRaW6iO5GzJKBdpbAbU/HQVbbkyEBJUsr8hH+6xfF6SlTSZZAvo1wAMj2pdpPIjuIzfzpyNZFj/luHCM8qRThr11XrzfD/CZDdwo%3D
blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell	1970-01-20 22:48:45	Name: xads_platf Value: 1
blog.majcica.com/2017/11/07/persisting-sensitive-information-with-powershell	1970-01-20 22:48:45	Name: xads_platf_ms Value: %5B7%5D
blog.majcica.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ei0g9eq1cpvhj23nikg5us7l7h
.blog.majcica.com/	1970-01-20 14:01:57	Name: bfa800b1b7d37a82e2a3c76d7438a8c7 Value: 4ff2404ca09dbf85217dd8284865eaad
.blog.majcica.com/	1970-01-20 14:01:43	Name: ckon2308 Value: sject2308_ab8275a07bd46
.blog.majcica.com/	1970-01-20 14:01:46	Name: SJECT2308 Value: CKON2308
blog.majcica.com/	1970-01-20 14:01:46	Name: JCS_INENREF Value:
blog.majcica.com/	1970-01-20 14:01:46	Name: JCS_INENTIM Value: 1692102821700
blog.majcica.com/	1970-01-20 14:01:46	Name: _wpss_h_ Value: 2
blog.majcica.com/	1970-01-20 14:01:46	Name: _wpss_p_ Value: N%3A3%20%7C%20WzFdW0Nocm9tZSBQREYgUGx1Z2luXSBbMl1bQ2hyb21lIFBERiBWaWV3ZXJdIFszXVtOYXRpdmUgQ2xpZW50XSA%3D

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://amads.uno/g.php Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://amads.fun/g.php Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://techmarket.ink/g.php Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://amads.buzz/g.php Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://uads.shop/g.php Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
2.gravatar.com
5.188.62.157
ajax.googleapis.com
amads.buzz
amads.fun
amads.uno
blog.majcica.com
elitepartnerfinders.top
fonts.googleapis.com
fonts.gstatic.com
myownshop.at
static.addtoany.com
techmarket.ink
uads.shop
5.188.62.157
amads.buzz
amads.fun
amads.uno
techmarket.ink
uads.shop
141.98.82.232
2606:4700:10::ac43:2794
2a00:1450:4001:80b::200a
2a00:1450:4001:812::2003
2a00:1450:4001:82b::200a
2a01:238:20a:202:1159::
2a04:fa87:fffe::c000:4902
2a06:98c1:3121::3
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
05d18955853a018a783dde77bcf072fb4e36df5bffafefb7be0e5e97411ab092
121e43a93a157cd5cc626ad5fd78c1c32fbc09b18fe6f03189e6c1fc502e9d1f
22518ff32f769e282e7b884f80b238038242e11fcd7c9ddf11a53285f6f4993a
2f41504abf92abf1bfebb240aa102941c07f9f6a552710b594eded574cc00725
3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c
3a8e6f593f86690ea7188764b2684e0c134217347c68aadc31eb3e877b896561
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5f869bbc8975d7d802b3eab6fc9b5906049413ad3b1f417c643eeb19f78f2778
6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271
74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
92545ae7b38b727089c99033d3557a18ee913a608fe8b26fb24973eb8660f17d
96840bd7cc7d8edd1d1ffaff60d7f335fd866cd9a6132c8524d620482f4df64a
98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d
9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570
9f75f1b0ed8a63004bb1eeae94e1d0727b46d3e08d2e69b3c34473a25fa7f1c0
a02d23216c6457f31398e32ee141cc2ac5dc02597897f3ea4b2c213bcba7deb7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
b426b678ce92476bc90e1843469f4a1162150a9b149fc60dbd1189dec5bb575f
b6cdbab5555764bfe125095c735b57999bfd9ca3a62ab96496c9852d6d338b87
bb7f45e35c5fbcc824b39f4bd7bfdd3f63d4ca66a273d24355f8ae3c083f11b7
bbc8e51701b9f491b018dcab9a1658033652a6a0880d7dcea0f821c3324a995e
bc4702db6b8a843db4682823c92cd49834a8e4966df210d2711f8a0ca4ddd633
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c56f5d45b9538cda781ca8fc54787593a27e9d0b9ed8620dddeab9a8b9f1055b
d112be22f5670582cbff8333b8999be4197939dc64eeaa1b3ebb89a4ebdce379
dbff254ee18676f8b11663832255a05508b27be0c1b23d69ee35b46c40c96faa
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
eb77b0735345f05bce43fb1a0631773daf518e66c1fa9cd9bc49367dce9894c8
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

blog.majcica.com Open in urlscan Pro 2a01:238:20a:202:1159:: Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

56 Requests

21 %HTTPS

88 %IPv6

13 Domains

15 Subdomains

9 IPs

4 Countries

860 kBTransfer

974 kBSize

12 Cookies

5 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.majcica.com Open in urlscan Pro
2a01:238:20a:202:1159:: Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

21 %
HTTPS

88 %
IPv6

13
Domains

15
Subdomains

9
IPs

4
Countries

860 kB
Transfer

974 kB
Size

12
Cookies

56 HTTP transactions
0 data transactions