Submitted URL: https://www.riskiq.com/blog/labs/magec=
Effective URL: https://darknetdiaries.com/episode/52/
Submission: On March 18 via api from US

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3030::681c:ba3, located in United States and belongs to CLOUDFLARENET, US. The main domain is darknetdiaries.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 31st 2020. Valid for: 8 months.
This is the only time darknetdiaries.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
5         darknetdiaries.com        darknetdiaries.com
3         www.google-analytics.com  www.googletagmanager.com, darknetdiaries.com
3         use.fontawesome.com       darknetdiaries.com
2         cdn.podigee.com           darknetdiaries.com, cdn.podigee.com
2         www.riskiq.com            2 redirects
1         fonts.gstatic.com         darknetdiaries.com
1         ajax.googleapis.com       darknetdiaries.com
1         www.googletagmanager.com  darknetdiaries.com
1         fonts.googleapis.com      darknetdiaries.com
Total: 17 requests, 9 hosts

Subject                   Issuer                                         Validity                 Valid for
sni.cloudflaressl.com     CloudFlare Inc ECC CA-2                        2020-01-31 - 2020-10-09  8 months (crt.sh)
*.storage.googleapis.com  GTS CA 1O1                                     2020-03-03 - 2020-05-26  3 months (crt.sh)
*.fontawesome.com         DigiCert SHA2 Secure Server CA                 2019-10-28 - 2020-12-23  a year (crt.sh)
*.google-analytics.com    GTS CA 1O1                                     2020-03-03 - 2020-05-26  3 months (crt.sh)
*.podigee.com             COMODO RSA Domain Validation Secure Server CA  2018-10-26 - 2021-01-23  2 years (crt.sh)
*.google.com              GTS CA 1O1                                     2020-02-25 - 2020-05-19  3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://darknetdiaries.com/episode/52/
Frame ID: 7D4075A21A010C765A2FCFA9E58E6F93
Requests: 16 HTTP requests in this frame

Frame: https://cdn.podigee.com/podcast-player/podigee-podcast-player.html?id=3e73806b&iframeMode=script
Frame ID: 89850B2148B30A03E1BBC3FB1E958E12
Requests: 1 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.riskiq.com/blog/labs/magec= HTTP 301
     https://www.riskiq.com/news/magecart/ HTTP 302
     https://darknetdiaries.com/episode/52/ Page URL
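
The chain above is what a scanner reconstructs by not auto-following redirects and recording each hop. The script below is an added example, not urlscan.io code: it rebuilds such a history from captured responses, resolving relative `Location` values against the hop's own URL and also recognising the client-side redirects (meta refresh and JavaScript `location` assignment) that urlscan records. The statuses and the 302's `Location` come from the headers shown on this page; the 301's relative `Location`, the HTML bodies and the `example.invalid` hops are constructed, since the report shows neither bodies nor the 301's target header.

```python
"""Rebuild a page-URL history from captured (status, headers, body) responses."""
import re
from urllib.parse import urljoin

# Constructed captures keyed by URL: (status, response headers, body).
CAPTURES = {
    "https://www.riskiq.com/blog/labs/magec=":
        (301, {"Location": "/news/magecart/"}, ""),   # assumed relative Location
    "https://www.riskiq.com/news/magecart/":
        (302, {"Location": "https://darknetdiaries.com/episode/52/"}, ""),
    "https://darknetdiaries.com/episode/52/":
        (200, {"Content-Type": "text/html; charset=utf-8"},
         "<html><body>episode 52</body></html>"),
    # Constructed hops showing the client-side redirects a scanner must also follow.
    "https://example.invalid/meta":
        (200, {}, '<meta http-equiv="refresh" content="0; url=/js">'),
    "https://example.invalid/js":
        (200, {}, "<script>window.location.href = 'https://example.invalid/final';</script>"),
    "https://example.invalid/final":
        (200, {}, "<p>landed</p>"),
}

META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*content\s*=\s*["']?\s*\d+\s*;\s*url\s*=\s*([^"'>\s]+)""",
    re.I)
JS_LOCATION = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""",
    re.I)


def client_side_target(body):
    """Return (target, kind) for a meta-refresh or JS redirect in body, else (None, None)."""
    m = META_REFRESH.search(body)
    if m:
        return m.group(1), "meta refresh"
    m = JS_LOCATION.search(body)
    if m:
        return m.group(1) or m.group(2), "JavaScript"
    return None, None


def resolve_chain(start, fetch, max_hops=10):
    """Follow HTTP Location headers and client-side hints from `start`.

    `fetch(url)` returns (status, headers, body). The result is a list of
    (url, status, how) tuples whose last entry is the final page, or a loop.
    """
    chain, url, seen = [], start, set()
    while len(chain) < max_hops:
        if url in seen:
            chain.append((url, None, "loop"))
            break
        seen.add(url)
        status, headers, body = fetch(url)
        location = headers.get("Location")
        if 300 <= status < 400 and location:
            chain.append((url, status, f"HTTP {status}"))
            url = urljoin(url, location)  # relative Location resolves against this hop
            continue
        target, how = client_side_target(body)
        if target:
            chain.append((url, status, how))
            url = urljoin(url, target)
            continue
        chain.append((url, status, "Page URL"))
        break
    return chain


if __name__ == "__main__":
    for hop in resolve_chain("https://www.riskiq.com/blog/labs/magec=", CAPTURES.__getitem__):
        print(hop)
```

The loop guard matters in practice: a redirect that points back at an earlier hop would otherwise run until `max_hops`, and a scanner that stops early should still record that it did.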

Detected technologies

Varnish (overall confidence: 100%)
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Cloudflare (overall confidence: 100%)
  • headers server /^cloudflare$/i

Font Awesome (overall confidence: 100%)
  • html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i

Google Analytics (overall confidence: 100%)
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Fonts (overall confidence: 100%)
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests:    17
HTTPS:       100 %
IPv6:        67 %
Domains:     8
Subdomains:  9
IPs:         8
Countries:   2
Transfer:    596 kB
Size:        1307 kB
Cookies:     0


Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | darknetdiaries.com/episode/52/ | 13 KB | 4 KB | Document
Redirect Chain
  • https://www.riskiq.com/blog/labs/magec=
  • https://www.riskiq.com/news/magecart/
  • https://darknetdiaries.com/episode/52/
General
Full URL
https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681c:ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af59a5d44f4ab55f5a281d9598e14b0eb8f45b8d4f92df64951308ef82f0a523

Request headers

:method
GET
:authority
darknetdiaries.com
:scheme
https
:path
/episode/52/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Wed, 18 Mar 2020 19:43:55 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d4103fdb5b5e8bb0894162693abc33a861584560635; expires=Fri, 17-Apr-20 19:43:55 GMT; path=/; domain=.darknetdiaries.com; HttpOnly; SameSite=Lax
last-modified
Tue, 17 Mar 2020 06:54:00 GMT
access-control-allow-origin
*
expires
Wed, 18 Mar 2020 19:53:55 GMT
cache-control
max-age=600
x-proxy-cache
MISS
x-github-request-id
5A14:30FD:757B4:8CC0E:5E7279FA
via
1.1 varnish
age
0
x-served-by
cache-fra19157-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1584560635.159337,VS0,VE101
vary
Accept-Encoding
x-fastly-request-id
2d47e2121d5e4f2c25615dc9a11174302b15778c
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
576172016e51d6b9-FRA
content-encoding
br

Redirect headers

status
302
server
nginx
date
Wed, 18 Mar 2020 19:43:54 GMT
content-type
text/html; charset=UTF-8
content-length
0
set-cookie (13 headers, one per line)
utm_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
utm_medium=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
utm_term=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
utm_content=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
utm_campaign=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
gclid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
handl_original_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
handl_landing_page=https%3A%2F%2Fwww.riskiq.com%2Fnews%2Fmagecart%2F; expires=Fri, 17-Apr-2020 19:43:54 GMT; Max-Age=2592000; path=/; domain=.riskiq.com
handl_ip=5.254.16.109; expires=Fri, 17-Apr-2020 19:43:54 GMT; Max-Age=2592000; path=/; domain=.riskiq.com
handl_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
handl_url=https%3A%2F%2Fwww.riskiq.com%2Fnews%2Fmagecart%2F; expires=Fri, 17-Apr-2020 19:43:54 GMT; Max-Age=2592000; path=/; domain=.riskiq.com
email=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
username=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com
location
https://darknetdiaries.com/episode/52/
x-powered-by
WP Engine
x-cacheable
non200
cache-control
max-age=600, must-revalidate
x-cache
MISS
x-cache-group
normal
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cdn
Incapsula
x-iinfo
6-3211999-3211974 PNNN RT(1584560634570 0) q(0 0 0 -1) r(2 2) U11
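
Two things in the headers above are worth checking mechanically rather than by eye: the riskiq.com 302 clears a batch of tracking cookies (Max-Age=0, Expires in 1970) while setting `handl_ip` to the requesting client's address (5.254.16.109 here, the scanner) and `handl_landing_page` for 30 days on `.riskiq.com`, none of them with Secure, HttpOnly or SameSite; and the darknetdiaries.com 200 sets `__cfduid` with HttpOnly and SameSite=Lax but no Secure flag, and sends none of the usual hardening headers (no HSTS, CSP, X-Content-Type-Options or X-Frame-Options; only Expect-CT). The script below is an added example, not urlscan.io code, that parses Set-Cookie lines and a response header map and reports exactly those findings. Cookie strings and header names are transcribed from the two responses; urlscan displays the 302's separate Set-Cookie headers joined into one value, so they are listed here one per header as the server sends them. The scan time is taken from the 302's Date header.

```python
"""Audit Set-Cookie attributes and hardening headers of captured responses."""
from datetime import datetime

SCAN_TIME = datetime(2020, 3, 18, 19, 43, 54)   # Date header of the 302, UTC

# Transcribed from the report (a subset of the 13 Set-Cookie headers).
RISKIQ_302_COOKIES = [
    "utm_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.riskiq.com",
    "handl_landing_page=https%3A%2F%2Fwww.riskiq.com%2Fnews%2Fmagecart%2F; "
    "expires=Fri, 17-Apr-2020 19:43:54 GMT; Max-Age=2592000; path=/; domain=.riskiq.com",
    "handl_ip=5.254.16.109; expires=Fri, 17-Apr-2020 19:43:54 GMT; Max-Age=2592000; path=/; domain=.riskiq.com",
]
DARKNET_200_COOKIES = [
    "__cfduid=d4103fdb5b5e8bb0894162693abc33a861584560635; expires=Fri, 17-Apr-20 19:43:55 GMT; "
    "path=/; domain=.darknetdiaries.com; HttpOnly; SameSite=Lax",
]
RISKIQ_302_HEADERS = {
    "server": "nginx", "x-frame-options": "SAMEORIGIN",
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
}
DARKNET_200_HEADERS = {
    "server": "cloudflare", "cf-cache-status": "DYNAMIC",
    "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
}

# Expires formats seen above: RFC 850 style with 4- or 2-digit year, and RFC 1123.
EXPIRES_FORMATS = ("%a, %d-%b-%Y %H:%M:%S GMT", "%a, %d-%b-%y %H:%M:%S GMT",
                   "%a, %d %b %Y %H:%M:%S GMT")


def parse_set_cookie(line):
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    first, *rest = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def parse_expires(text):
    for fmt in EXPIRES_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            pass
    return None


def is_deletion(cookie, now=SCAN_TIME):
    """True if the header removes the cookie (Max-Age <= 0, or Expires already past)."""
    attrs = cookie["attrs"]
    if attrs.get("max-age", "").lstrip("-").isdigit():   # Max-Age wins over Expires
        return int(attrs["max-age"]) <= 0
    expires = parse_expires(attrs.get("expires", ""))
    return expires is not None and expires <= now


def audit_cookie(cookie, now=SCAN_TIME):
    """Findings for a cookie that is being set; a deletion gets none."""
    if is_deletion(cookie, now):
        return []
    attrs, findings = cookie["attrs"], []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    if "domain" in attrs:   # any Domain attribute widens scope to every subdomain
        findings.append(f"Domain={attrs['domain']}: sent to every subdomain")
    return findings


SECURITY_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options", "referrer-policy")


def missing_security_headers(headers):
    present = {k.lower() for k in headers}
    return [h for h in SECURITY_HEADERS if h not in present]


def audit_response(cookie_lines, headers, now=SCAN_TIME):
    """Per-cookie findings plus the hardening headers the response lacks."""
    cookies = {}
    for line in cookie_lines:
        c = parse_set_cookie(line)
        cookies[c["name"]] = ["deleted"] if is_deletion(c, now) else audit_cookie(c, now)
    return {"cookies": cookies, "missing_headers": missing_security_headers(headers)}


if __name__ == "__main__":
    print(audit_response(RISKIQ_302_COOKIES, RISKIQ_302_HEADERS))
    print(audit_response(DARKNET_200_COOKIES, DARKNET_200_HEADERS))
```

Max-Age takes precedence over Expires per RFC 6265, which is why the deletion check consults it first; the `%y` format is needed because Cloudflare's `__cfduid` uses a two-digit year.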

css | fonts.googleapis.com/ | 1 KB | 535 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Anton
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f19523dc77124adcb1ac8bfbc7eb0fa180e9d0d95df19a7a714bb3b69089c1a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 18 Mar 2020 19:43:55 GMT
server
ESF
date
Wed, 18 Mar 2020 19:43:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 18 Mar 2020 19:43:55 GMT

style.css | darknetdiaries.com/css/ | 33 KB | 6 KB | Stylesheet
General
Full URL
https://darknetdiaries.com/css/style.css
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681c:ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba62490b9a1cc19250d363f0326eb40f790f0145349c0419e7c0f008708920f9

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

x-fastly-request-id
756ffd8e6ed8e8d8025219dd5c2c390c92a2e437
date
Wed, 18 Mar 2020 19:43:55 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
x-cache-hits
0
content-encoding
br
x-served-by
cache-fra19163-FRA
last-modified
Tue, 17 Mar 2020 06:54:00 GMT
server
cloudflare
x-github-request-id
8B68:204C:17C111:1E7E9A:5E707C28
x-timer
S1584430121.314234,VS0,VE96
etag
W/"5e707408-841e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5761720279fed6b9-FRA
x-proxy-cache
MISS
expires
Tue, 17 Mar 2020 14:20:33 GMT

solid.js | use.fontawesome.com/releases/v5.1.1/js/ | 415 KB | 161 KB | Script
General
Full URL
https://use.fontawesome.com/releases/v5.1.1/js/solid.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
3867d0940b16870883c72b5ba17a4139110a089a05525fd90dedc66749517e4f

Request headers

Referer
https://darknetdiaries.com/episode/52/
Origin
https://darknetdiaries.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Mar 2020 19:43:55 GMT
content-encoding
gzip
last-modified
Tue, 17 Jul 2018 17:49:53 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"e94e4b53c1f47f0b6958ce4bf261941e"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT

brands.js | use.fontawesome.com/releases/v5.1.1/js/ | 346 KB | 161 KB | Script
General
Full URL
https://use.fontawesome.com/releases/v5.1.1/js/brands.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
42693ba9c134373a7fbb6fd6c46b8392362d9b7d876b1261f103be84724a340d

Request headers

Referer
https://darknetdiaries.com/episode/52/
Origin
https://darknetdiaries.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Mar 2020 19:43:55 GMT
content-encoding
gzip
last-modified
Tue, 17 Jul 2018 17:49:55 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"1aec4d3cfe7135477f01c9813a784090"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT

fontawesome.js | use.fontawesome.com/releases/v5.1.1/js/ | 29 KB | 12 KB | Script
General
Full URL
https://use.fontawesome.com/releases/v5.1.1/js/fontawesome.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
f1520fa4c6e7d78d0bb81039b3f7bf6016c67a7e27cb701d9309a822f7c61de5

Request headers

Referer
https://darknetdiaries.com/episode/52/
Origin
https://darknetdiaries.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Mar 2020 19:43:55 GMT
content-encoding
gzip
last-modified
Tue, 17 Jul 2018 17:49:51 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"8684f7006c6375f716bc8a1d94a4909f"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT

custom.css | darknetdiaries.com/css/ | 5 KB | 2 KB | Stylesheet
General
Full URL
https://darknetdiaries.com/css/custom.css
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681c:ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b035f0feb0c05bb894783ccfefde888e39a53bc89da91fd5cf9bc2bab7fb5d41

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

x-fastly-request-id
14dceed98209c398d47a75e6bf4ce6ea9d1a11f2
date
Wed, 18 Mar 2020 19:43:55 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
x-cache-hits
0
content-encoding
br
x-served-by
cache-fra19168-FRA
last-modified
Tue, 17 Mar 2020 06:54:00 GMT
server
cloudflare
x-github-request-id
25B0:573C:2678CB:317F50:5E707C28
x-timer
S1584430121.311301,VS0,VE94
etag
W/"5e707408-1446"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
576172027a03d6b9-FRA
x-proxy-cache
MISS
expires
Wed, 18 Mar 2020 17:30:30 GMT

js | www.googletagmanager.com/gtag/ | 75 KB | 28 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2202347-13
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
10af0fb8b440d51002baa92aaf7ca22f3916e1c4ce72541d388749c1c97691b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 18 Mar 2020 19:43:55 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28651
x-xss-protection
0
last-modified
Wed, 18 Mar 2020 19:19:18 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 18 Mar 2020 19:43:55 GMT

podigee-podcast-player.js | cdn.podigee.com/podcast-player/javascripts/ | 6 KB | 3 KB | Script
General
Full URL
https://cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.58.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.26.58.130.94.clients.your-server.de
Software
openresty /
Resource Hash
cfaac833317267c72deace4cd72b955746a95aaa8d01933823117df97837dd32

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 18 Mar 2020 19:43:55 GMT
content-encoding
gzip
last-modified
Tue, 17 Mar 2020 19:52:05 GMT
server
openresty
access-control-allow-origin
*
etag
W/"735d073377dfaf39cfb1fab816090cf3"
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
6cbekt.prXds5AEXQvG9Voz0nFHcvaiD
status
200
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-CSRF-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,X-Proxy-Cache
cache-control
max-age=86400
access-control-allow-credentials
true
content-type
application/javascript; charset=UTF-8
access-control-allow-headers
Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-CSRF-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires
Thu, 19 Mar 2020 19:43:55 GMT

magecart.jpg | darknetdiaries.com/imgs/ | 133 KB | 134 KB | Image
General
Full URL
https://darknetdiaries.com/imgs/magecart.jpg
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681c:ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d22f4e6361de2df0c9029de87d569291331db9c6e5e9ce79b38747a9227a9fd

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

x-fastly-request-id
5663cb394f723988fc893390f9b6da4f34bcee64
date
Wed, 18 Mar 2020 19:43:55 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
x-cache-hits
0
content-length
136464
x-served-by
cache-fra19174-FRA
last-modified
Tue, 17 Mar 2020 06:54:01 GMT
server
cloudflare
x-github-request-id
FAA6:3D6E:6112D1:782D1F:5E709AF6
x-timer
S1584438008.695645,VS0,VE368
etag
"5e707409-21510"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
576172032c51d6b9-FRA
x-proxy-cache
MISS
expires
Wed, 18 Mar 2020 19:33:16 GMT

jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.2.1/ | 85 KB | 30 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 09 Mar 2020 15:36:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
792432
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 Mar 2021 15:36:43 GMT

personal-min.js | darknetdiaries.com/js/ | 112 KB | 30 KB | Script
General
Full URL
https://darknetdiaries.com/js/personal-min.js
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681c:ba3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ebc07802e54b07641c11b399c6c137b21e8c68162e71a7598ec003acad60d97

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-fastly-request-id
871b3be6803a2bbfa55d08c13a67e1bb2ac8fc33
date
Wed, 18 Mar 2020 19:43:55 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
x-cache
MISS
status
200
x-cache-hits
0
content-encoding
br
x-served-by
cache-fra19145-FRA
last-modified
Tue, 17 Mar 2020 06:54:01 GMT
server
cloudflare
x-github-request-id
2406:573C:2678CB:317F65:5E707C29
x-timer
S1584430121.312333,VS0,VE95
etag
W/"5e707409-1c038"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
57617202fb97d6b9-FRA
x-proxy-cache
MISS
expires
Wed, 18 Mar 2020 19:40:00 GMT

analytics.js | www.google-analytics.com/ | 44 KB | 18 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2202347-13
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
4223
date
Wed, 18 Mar 2020 18:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Wed, 18 Mar 2020 20:33:32 GMT

1Ptgg87LROyAm3Kz-C8CSKlv.woff2 | fonts.gstatic.com/s/anton/v11/ | 8 KB | 9 KB | Font
General
Full URL
https://fonts.gstatic.com/s/anton/v11/1Ptgg87LROyAm3Kz-C8CSKlv.woff2
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
373dd2c1d2e595a589ff4533952ba07f8b35e44dbfcd2f1575d81627de30be1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Anton
Origin
https://darknetdiaries.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 00:00:06 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Jul 2019 23:55:12 GMT
server
sffe
age
1971829
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
8580
x-xss-protection
0
expires
Wed, 24 Feb 2021 00:00:06 GMT

podigee-podcast-player.html | cdn.podigee.com/podcast-player/ (Frame 89850B2148B30A03E1BBC3FB1E958E12) | 0 | 0 | Document
General
Full URL
https://cdn.podigee.com/podcast-player/podigee-podcast-player.html?id=3e73806b&iframeMode=script
Requested by
Host: cdn.podigee.com
URL: https://cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.58.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.26.58.130.94.clients.your-server.de
Software
openresty /
Resource Hash

Request headers

:method
GET
:authority
cdn.podigee.com
:scheme
https
:path
/podcast-player/podigee-podcast-player.html?id=3e73806b&iframeMode=script
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://darknetdiaries.com/episode/52/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://darknetdiaries.com/episode/52/

Response headers

status
200
server
openresty
date
Wed, 18 Mar 2020 19:43:55 GMT
content-type
text/html; charset=UTF-8
last-modified
Tue, 17 Mar 2020 19:52:05 GMT
etag
W/"327a5a7e4f5793c0b8cdaf86c6008b28"
x-amz-version-id
F0DUAXqnrr6XEfcmoaVPUjAVq7MKMr.u
expires
Thu, 19 Mar 2020 19:43:55 GMT
cache-control
max-age=86400
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-CSRF-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-CSRF-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,X-Proxy-Cache
content-encoding
gzip

collect | www.google-analytics.com/r/ | 35 B | 110 B | Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2010683336&t=pageview&_s=1&dl=https%3A%2F%2Fdarknetdiaries.com%2Fepisode%2F52%2F&ul=en-us&de=UTF-8&dt=Magecart%20%E2%80%93%20Darknet%20Diaries&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1286688700&gjid=564974645&cid=2017293776.1584560635&tid=UA-2202347-13&_gid=1800398645.1584560635&_r=1&gtm=2ou3b2&z=736082052
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 18 Mar 2020 19:43:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

collect | www.google-analytics.com/ | 35 B | 106 B | Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=2010683336&t=pageview&_s=2&dl=https%3A%2F%2Fdarknetdiaries.com%2Fepisode%2F52%2F&ul=en-us&de=UTF-8&dt=Magecart%20%E2%80%93%20Darknet%20Diaries&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=&gjid=&cid=2017293776.1584560635&tid=UA-2202347-13&_gid=1800398645.1584560635&gtm=2ou3b2&z=1012618452
Requested by
Host: darknetdiaries.com
URL: https://darknetdiaries.com/episode/52/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://darknetdiaries.com/episode/52/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 24 Feb 2020 21:08:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1982141
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
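
The page loads five cross-origin scripts (three Font Awesome bundles, jQuery from ajax.googleapis.com, the Podigee player, the gtag loader and, through it, analytics.js), and the episode it belongs to is about exactly that risk: a third-party script changing underneath the page. The Resource Hash field above is a sha256 of each body, which is the same digest Subresource Integrity uses, so the report already contains what an `integrity` attribute would need. The script below is an added example, not urlscan.io code: it converts those hex hashes to SRI form and checks, from the response headers shown, which scripts could really be pinned. `integrity` only works with `crossorigin="anonymous"`, so the response must admit the page origin via CORS: the Font Awesome and jQuery responses send `access-control-allow-origin: *` (and the Font Awesome requests already carry an `Origin` header, meaning their tags are fetched with `crossorigin`), whereas the gtag loader answers with `access-control-allow-origin: http://www.googletagmanager.com` and analytics.js sends no such header, and both are short-lived (max-age 900 and 7200) because they change often. URLs, hashes and headers are copied from the transactions above; the assumption that urlscan hashes the decoded body is stated in the code, so confirm an integrity value against a fresh download before deploying it.

```python
"""Derive SRI integrity values from urlscan Resource Hashes and test pinnability."""
import base64
import hashlib

PAGE_ORIGIN = "https://darknetdiaries.com"

# (url, Resource Hash, selected response headers) as shown in the report.
# Assumption: the Resource Hash is sha256 over the decoded body, as SRI hashes it.
SCRIPTS = [
    ("https://use.fontawesome.com/releases/v5.1.1/js/fontawesome.js",
     "f1520fa4c6e7d78d0bb81039b3f7bf6016c67a7e27cb701d9309a822f7c61de5",
     {"access-control-allow-origin": "*", "cache-control": "max-age=31556926"}),
    ("https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js",
     "87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de",
     {"access-control-allow-origin": "*",
      "cache-control": "public, max-age=31536000, stale-while-revalidate=2592000"}),
    ("https://www.googletagmanager.com/gtag/js?id=UA-2202347-13",
     "10af0fb8b440d51002baa92aaf7ca22f3916e1c4ce72541d388749c1c97691b7",
     {"access-control-allow-origin": "http://www.googletagmanager.com",
      "cache-control": "private, max-age=900"}),
    ("https://www.google-analytics.com/analytics.js",
     "eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d",
     {"cache-control": "public, max-age=7200"}),      # no ACAO header in the capture
]


def sri_from_hex(hex_digest, algo="sha256"):
    """Convert a hex digest to the base64 form an integrity attribute uses."""
    raw = bytes.fromhex(hex_digest)
    size = hashlib.new(algo).digest_size
    if len(raw) != size:
        raise ValueError(f"{algo} digest must be {size} bytes, got {len(raw)}")
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def sri_for_body(body, algo="sha256"):
    """Integrity value for a body you have actually downloaded and inspected."""
    return sri_from_hex(hashlib.new(algo, body).hexdigest(), algo)


def max_age(cache_control):
    """Seconds from the max-age directive, 0 if absent."""
    for directive in cache_control.split(","):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.isdigit():
            return int(val)
    return 0


def classify(url, hex_digest, headers, origin=PAGE_ORIGIN, stable_for=86400):
    """Return (integrity, verdict) for a cross-origin script.

    cors-blocked: the response does not admit `origin`, so a tag with
    crossorigin="anonymous" (required by integrity) would fail to load.
    volatile: CORS is fine but the short max-age suggests frequent changes.
    """
    integrity = sri_from_hex(hex_digest)
    acao = headers.get("access-control-allow-origin")
    if acao not in ("*", origin):
        return integrity, "cors-blocked"
    if max_age(headers.get("cache-control", "")) < stable_for:
        return integrity, "volatile"
    return integrity, "pinnable"


def script_tag(url, hex_digest):
    """The tag that pins the script to the captured body."""
    return (f'<script src="{url}" integrity="{sri_from_hex(hex_digest)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    for url, digest, headers in SCRIPTS:
        integrity, verdict = classify(url, digest, headers)
        print(f"{verdict:13} {url}\n{'':13} {integrity}")
```

The jQuery request above carries no `Origin` header, so its tag is fetched without `crossorigin`; adding `integrity` to it means adding `crossorigin="anonymous"` as well, which the `*` ACAO on that response permits.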

Verdicts & Comments

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onformdata
object    onpointerrawupdate
object    google_tag_manager
object    dataLayer
function  gtag
string    GoogleAnalyticsObject
function  ga
object    playerConfiguration
object    podigeePodcastPlayers
function  $
function  jQuery
object    google_tag_data
object    gaplugins
object    gaGlobal
object    gaData
function  EvEmitter
function  imagesLoaded
function  jQueryBridget
function  getSize
function  matchesSelector
object    fizzyUIUtils
function  Outlayer
function  Masonry
function  Waypoint
object    ___FONT_AWESOME___
object    FontAwesomeConfig
object    FontAwesome

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.podigee.com
darknetdiaries.com
fonts.googleapis.com
fonts.gstatic.com
use.fontawesome.com
www.google-analytics.com
www.googletagmanager.com
www.riskiq.com
107.154.114.154
23.111.9.35
2606:4700:3030::681c:ba3
2a00:1450:4001:800::2008
2a00:1450:4001:809::200a
2a00:1450:4001:814::200e
2a00:1450:4001:815::2003
2a00:1450:4001:81d::200a
94.130.58.26