URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Submission: On December 19 via api from US — Scanned from NL

Summary

This website contacted 14 IPs in 5 countries across 13 domains to perform 44 HTTP transactions. The main IP is 52.157.161.254, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is heimdalsecurity.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on December 30th 2019. Valid for: 2 years.
This is the only time heimdalsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
19        heimdalsecurity.com       heimdalsecurity.com
6         fonts.gstatic.com         fonts.googleapis.com
5         www.google-analytics.com  www.googletagmanager.com, www.google-analytics.com, heimdalsecurity.com
3         fonts.googleapis.com      heimdalsecurity.com
2         munchkin.marketo.net      heimdalsecurity.com, munchkin.marketo.net
2         www.googletagmanager.com  heimdalsecurity.com, www.googletagmanager.com
1         www.google.nl
1         www.google.com
1         stats.g.doubleclick.net   www.google-analytics.com
1         799-jxo-275.mktoresp.com  munchkin.marketo.net
1         chimpstatic.com           heimdalsecurity.com
1         secure.gravatar.com       heimdalsecurity.com
1         clientcdn.pushengage.com  heimdalsecurity.com
Total: 44 requests, 13 domains

Subject                           Issuer                                          Validity                 Valid
*.heimdalsecurity.com             DigiCert SHA2 Secure Server CA                  2019-12-30 - 2022-03-14  2 years
*.pushengage.com                  Amazon                                          2021-01-27 - 2022-02-24  a year
upload.video.google.com           GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
*.google-analytics.com            GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
*.marketo.net                     DigiCert SHA2 Secure Server CA                  2021-03-29 - 2022-04-06  a year
*.gstatic.com                     GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
*.gravatar.com                    Sectigo RSA Domain Validation Secure Server CA  2020-08-14 - 2022-11-16  2 years
wildcardsan.us15.list-manage.com  DigiCert SHA2 Secure Server CA                  2021-11-19 - 2022-11-19  a year
*.mktoresp.com                    DigiCert TLS RSA SHA256 2020 CA1                2021-11-30 - 2022-11-30  a year
*.g.doubleclick.net               GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
www.google.com                    GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months
*.google.nl                       GTS CA 1C3                                      2021-11-29 - 2022-02-21  3 months

This page contains 1 frame:

Primary Page: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Frame ID: E1556AB351FD8AA67E8E111BCADC0144
Requests: 46 HTTP requests in this frame

Page Title

Monero Miners Were Injected in Log4j Through RMI

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • chimpstatic\.com/mcjs-connected

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • clientcdn\.pushengage\.\w+/core

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

44 Requests
100 % HTTPS
62 % IPv6
13 Domains
13 Subdomains
14 IPs
5 Countries
686 kB Transfer
1755 kB Size
6 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/
54 KB
13 KB
Document
General
Full URL
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e25d637ff78866698d17e29085062a9d542528c22b48dc43617eb7dee9a4b688
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

server
nginx
date
Sun, 19 Dec 2021 18:15:08 GMT
content-type
text/html; charset=UTF-8
content-length
12693
vary
Accept-Encoding, Cookie
content-encoding
gzip
link
<https://heimdalsecurity.com/blog/?p=39424>; rel=shortlink
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/
375 KB
60 KB
Stylesheet
General
Full URL
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
11fc9766e505f2a07b6c54e0f38bc7b811458bce4be95e9660fd9a83829ef4a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Dec 2021 11:35:24 GMT
server
nginx
etag
W/"61b8817c-5db1e"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
jquery.js
heimdalsecurity.com/blog/wp-includes/js/jquery/
95 KB
33 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 04 Dec 2021 01:31:37 GMT
server
nginx
etag
W/"61aac4f9-17a6a"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
380d288a0f223de9a81e026f47b6e7b8.js
clientcdn.pushengage.com/core/
72 KB
18 KB
Script
General
Full URL
https://clientcdn.pushengage.com/core/380d288a0f223de9a81e026f47b6e7b8.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-117.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
d56150089133bd8727db4403f607ea3319a9fc0df383c4ceedc6d6b4204ec5c8

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
server
nginx
x-amz-cf-pop
FRA6-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=120
x-amz-cf-id
u0xvJHA4JHpxN-N6MJn84__8RBPqhRtP35rmpstDO9Py0K4-tFh2wA==
via
1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
lazysizes.min.js
heimdalsecurity.com/blog/wp-content/plugins/autoptimize/classes/external/js/
10 KB
4 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.8.3
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
c4fada4accfa24704b54248bc5ce84acac50b6a059828b7714fe3006786c80c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Apr 2021 07:53:14 GMT
server
nginx
etag
W/"60827cea-2655"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
bootstrap.min.js
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/
36 KB
10 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/bootstrap.min.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-9004"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
autoptimize_single_046bbb341b14cff5496f589d7c617b96.js
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/
3 KB
1 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_single_046bbb341b14cff5496f589d7c617b96.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
fbdfca30b2412cd98ce89f23315b746231e55db78180cba372c2b162fd70b808
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Dec 2021 11:35:24 GMT
server
nginx
etag
W/"61b8817c-a13"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
jquery.validate.min.js
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/
22 KB
8 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/jquery.validate.min.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
7836abd3871f857f1d6c2e1354979afca303a088dd80670ebb9829b0262ec170
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-59f3"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
autoptimize_single_d676a73849922aee35ee8029a1cd6989.js
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/
9 KB
3 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_single_d676a73849922aee35ee8029a1cd6989.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
19b5311889e9ba9cd9d3b440411a3e2b37cc7dfe49fe470928e1c83c1a7ae2f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Dec 2021 11:35:24 GMT
server
nginx
etag
W/"61b8817c-23a3"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
script.min.js
heimdalsecurity.com/blog/wp-content/plugins/layered-popups/js/
48 KB
10 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/plugins/layered-popups/js/script.min.js?ver=6.33
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
5a4a9f4076fc96fb244f92a12a017c93917f5d7c14f91c398faf43f6b634b1ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:49 GMT
server
nginx
etag
W/"5cdab2a1-c1ed"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:08 GMT
autoptimize_f7dfd318f9f460b719e4c8db7ba97850.js
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/
276 KB
81 KB
Script
General
Full URL
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_f7dfd318f9f460b719e4c8db7ba97850.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
40f3102e1a2d4be6ca3eccd2938e4f693dba8ce2e575fbd3c351e3337363f0de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Dec 2021 11:35:24 GMT
server
nginx
etag
W/"61b8817c-44ec0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
css
fonts.googleapis.com/
30 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2fe676465e73f772bde539c6cd09424bd3ff5ce447e7add726ba2dfa6c641b67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 19 Dec 2021 18:15:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 19 Dec 2021 18:15:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 19 Dec 2021 18:15:09 GMT
css
fonts.googleapis.com/
3 KB
530 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3de4256f2b99862f9ae5af8c3a0816c328a8396d393820df5f15c0f5609ad7fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 19 Dec 2021 18:15:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 19 Dec 2021 18:15:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 19 Dec 2021 18:15:09 GMT
css2
fonts.googleapis.com/
31 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e9c2df2904ee0ac9a0dcc01dbb90666d1c1fd659891fcecba4aa7f64ee0406c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 19 Dec 2021 16:29:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 19 Dec 2021 18:15:09 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 19 Dec 2021 18:15:09 GMT
gtm.js
www.googletagmanager.com/
172 KB
58 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f64052e51ad3939e920e4c45dbb6a53c093d35be6e3ce5dd2dbbd6506f7270a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59406
x-xss-protection
0
last-modified
Sun, 19 Dec 2021 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 19 Dec 2021 18:15:09 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Sun, 19 Dec 2021 18:15:09 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7ae4f4e313e150000175511c29ca19ae2948eb663987253d19a9372cc20e3fe

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2079ac533041003933aeedca897db1a58a97fdf49cab0537e0ee4f067dad2e31

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
drop_light_blue.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/
343 B
572 B
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/drop_light_blue.svg
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
ae79ef8a171c02a3c7de6d2bb6a5f6a5c2fd165fe719d2b68242c4017fa9705d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-157"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
Untitled-design-13-7.png
heimdalsecurity.com/blog/wp-content/uploads/
23 KB
24 KB
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/uploads/Untitled-design-13-7.png
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
d400e7f84709eeb436fbfe5f02caac19cded8bb0f1f8edf44063d958c2b425dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
last-modified
Fri, 17 Dec 2021 11:29:37 GMT
server
nginx
etag
"61bc74a1-5de4"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
24036
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
red_thunder.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/
286 B
543 B
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/red_thunder.svg
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
faa6cd619c2cc2d1741d4c2018a1988eb291a803c7d3a7b5bddc3df6584999f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-11e"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
shadow.png
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/
57 KB
58 KB
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/shadow.png
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
dbf1552257dbdff9b53c6f3b5ba8aa1092ded30ed72b30513e6ff197a43f9b55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
"5cdab29f-e465"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
58469
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
blockquote_before.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/
662 B
735 B
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/blockquote_before.svg
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
071f7191f259bc0d0576a445d635cab9b46bfd8eeb6d419f9595cc0fdab89e2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-296"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
blockquote_after.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/
649 B
708 B
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/blockquote_after.svg
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
49aaa743a71ecc73a75ffdf949528fc00517e54647214ad044c8b3f3c8f43805
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
W/"5cdab29f-289"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
glyphicons-halflings-regular.woff2
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/
18 KB
18 KB
Font
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
"5cdab29f-466c"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
18028
x-xss-protection
1; mode=block
fontawesome-webfont.woff2
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/
70 KB
71 KB
Font
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_582df6eef1cbbffd4dd7373d2cddc622.css
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 14 May 2019 12:20:47 GMT
server
nginx
etag
"5cdab29f-118d8"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
71896
x-xss-protection
1; mode=block
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v16/
32 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v16/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c2dd34c8a8d2ed4b4e91eed55c2404518bb4a5ff02ae68e7a08f4e14ddb3e46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:56:39 GMT
x-content-type-options
nosniff
age
389910
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32876
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 18:12:04 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 05:56:39 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:22:37 GMT
x-content-type-options
nosniff
age
370352
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 11:22:37 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:33:18 GMT
x-content-type-options
nosniff
age
391311
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 05:33:18 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:54:06 GMT
x-content-type-options
nosniff
age
404463
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 01:54:06 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:07:55 GMT
x-content-type-options
nosniff
age
425234
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 20:07:55 GMT
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c7856c0d39606a745670d4c03525f3644fe65304191be208516def923cc3762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heimdalsecurity.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:15:22 GMT
x-content-type-options
nosniff
age
431987
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17484
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 18:15:22 GMT
heimdal-logo.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/
6 KB
3 KB
Image
General
Full URL
https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/heimdal-logo.svg
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.157.161.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
a2953e22f7b3afac6b55791bd52cd4c349d27035b1f6fddab86c585b271bdf60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 10 Oct 2019 13:13:58 GMT
server
nginx
etag
W/"5d9f2e96-1908"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-xss-protection
1; mode=block
expires
Tue, 18 Jan 2022 18:15:09 GMT
253e5a2965d6e476b7953a2a59d80360
secure.gravatar.com/avatar/
5 KB
5 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/253e5a2965d6e476b7953a2a59d80360?s=120&d=mm&r=g
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
2d6f9358e82389d0eea74d56cdd47ae13c7303dd959a9d4645c931916d615a81

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc
HIT mxp 2
date
Sun, 19 Dec 2021 18:15:09 GMT
last-modified
Fri, 26 Mar 2021 13:01:09 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="253e5a2965d6e476b7953a2a59d80360.jpeg"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/253e5a2965d6e476b7953a2a59d80360?s=120&d=mm&r=g>; rel="canonical"
content-length
5172
expires
Sun, 19 Dec 2021 18:20:09 GMT
munchkin.js
munchkin.marketo.net/161/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Sun, 19 Dec 2021 18:15:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Tue, 29 Mar 2022 18:15:09 GMT
js
www.googletagmanager.com/gtag/
166 KB
61 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-23QZ2R919V&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
46e9458372d14f932b2f56cf7e6041688ef6002e0dfc39e71f350ef87378d04d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:15:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62355
x-xss-protection
0
expires
Sun, 19 Dec 2021 18:15:09 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4443
date
Sun, 19 Dec 2021 17:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 19 Dec 2021 19:01:06 GMT
97737495b7a5296ee4586cdbf.js
chimpstatic.com/mcjs-connected/js/users/9588e79f21453dd8e52df4d68/
50 B
579 B
Script
General
Full URL
https://chimpstatic.com/mcjs-connected/js/users/9588e79f21453dd8e52df4d68/97737495b7a5296ee4586cdbf.js
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.17.177.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-177-117.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
96
Date
Sun, 19 Dec 2021 18:15:09 GMT
Last-Modified
Tue, 05 Mar 2019 18:02:44 GMT
Server
AmazonS3
x-amz-request-id
B5D4EBE85CE0D1C9
X-EdgeConnect-MidMile-RTT
0
ETag
"104d46a3208b40e8ded389332f5a78a3"
Content-Type
application/javascript
Cache-Control
max-age=1721
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
50
x-amz-id-2
8gwKh2KpQndV3wvSgR5d1pqr00EPdbRlLWzYJ0BRklLUu+cxGOOxhkhW8zJzfk4/sSFlxGdNjRA=
Expires
Sun, 19 Dec 2021 18:43:50 GMT
visitWebPage
799-jxo-275.mktoresp.com/webevents/
2 B
311 B
Ping
General
Full URL
https://799-jxo-275.mktoresp.com/webevents/visitWebPage?_mchNc=1639937709326&_mchCn=&_mchId=799-JXO-275&_mchTk=_mch-heimdalsecurity.com-1639937709325-17212&_mchHo=heimdalsecurity.com&_mchPo=&_mchRu=%2Fblog%2Fmonero-miners-injected-in-log4j-through-rmi%2F&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=web_view%3Dtrue
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
130.248.173.59 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://heimdalsecurity.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sun, 19 Dec 2021 18:15:09 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
88e30de7-03f2-445a-b4c4-afa3b3cdbebd
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=567240026&t=event&ni=1&_s=1&dl=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fmonero-miners-injected-in-log4j-through-rmi%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Monero%20Miners%20Were%20Injected%20in%20Log4j%20Through%20RMI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog%20Authors&ea=Page%20View&el=DORA%20TUDOR&_u=YEBAAEABAAAAAC~&jid=2132492202&gjid=300679070&cid=118247890.1639937709&tid=UA-52749460-1&_gid=199684484.1639937709&_r=1&gtm=2wgc10PRSV4QF&cd2=DORA%20TUDOR&cd3=Cybersecurity%20News&z=1128950932
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://heimdalsecurity.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heimdalsecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=567240026&t=event&ni=1&_s=1&dl=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fmonero-miners-injected-in-log4j-through-rmi%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Monero%20Miners%20Were%20Injected%20in%20Log4j%20Through%20RMI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog%20Categories&ea=Page%20View&el=Cybersecurity%20News&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=118247890.1639937709&tid=UA-52749460-1&_gid=199684484.1639937709&gtm=2wgc10PRSV4QF&cd2=DORA%20TUDOR&cd3=Cybersecurity%20News&z=1822080885
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Dec 2021 19:54:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
80444
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=567240026&t=pageview&_s=1&dl=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fmonero-miners-injected-in-log4j-through-rmi%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Monero%20Miners%20Were%20Injected%20in%20Log4j%20Through%20RMI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=118247890.1639937709&tid=UA-52749460-1&_gid=199684484.1639937709&gtm=2wgc10PRSV4QF&cd2=DORA%20TUDOR&cd3=Cybersecurity%20News&z=1804040157
Requested by
Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/monero-miners-injected-in-log4j-through-rmi/?web_view=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Dec 2021 19:54:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
80444
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-23QZ2R919V&gtm=2oec10&_p=567240026&sr=1600x1200&ul=en-us&cid=118247890.1639937709&_s=1&dl=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fmonero-miners-injected-in-log4j-through-rmi%2F%3Fweb_view%3Dtrue&dt=Monero%20Miners%20Were%20Injected%20in%20Log4j%20Through%20RMI&sid=1639937709&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-23QZ2R919V&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heimdalsecurity.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 19 Dec 2021 18:15:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heimdalsecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
444 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-52749460-1&cid=118247890.1639937709&jid=2132492202&gjid=300679070&_gid=199684484.1639937709&_u=YEBAAEAAAAAAAC~&z=1306197830
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://heimdalsecurity.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 19 Dec 2021 18:15:09 GMT
content-type
text/plain
access-control-allow-origin
https://heimdalsecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-52749460-1&cid=118247890.1639937709&jid=2132492202&_u=YEBAAEAAAAAAAC~&z=840574940
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.nl/ads/
42 B
501 B
Image
General
Full URL
https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-52749460-1&cid=118247890.1639937709&jid=2132492202&_u=YEBAAEAAAAAAAC~&z=840574940
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://heimdalsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 19 Dec 2021 18:15:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| $ function| jQuery function| external_links_in_new_windows_loop function| external_links_in_new_windows_load object| ulp_custom_handlers string| ulp_cookie_value string| ulp_recaptcha_enable string| ulp_onload_popup string| ulp_onload_mode string| ulp_onload_period string| ulp_onscroll_popup string| ulp_onscroll_mode string| ulp_onscroll_period string| ulp_onexit_popup string| ulp_onexit_mode string| ulp_onexit_period string| ulp_onidle_popup string| ulp_onidle_mode string| ulp_onidle_period string| ulp_onabd_popup string| ulp_onabd_mode string| ulp_onabd_period string| ulp_onload_delay string| ulp_onload_close_delay string| ulp_onscroll_offset string| ulp_onidle_delay object| dataLayer object| _peq object| lazySizesConfig object| jQuery112407758713270898767 object| postmain object| cro_ajax boolean| ulp_active_window_id string| ulp_active_campaign boolean| ulp_subscribing boolean| ulp_onload_displayed boolean| ulp_onexit_displayed boolean| ulp_onscroll_displayed boolean| ulp_onidle_displayed boolean| ulp_onabd_displayed boolean| ulp_no_preload_loading undefined| ulp_timeout object| ulp_viewport number| ulp_onidle_counter undefined| ulp_onidle_timer number| ulp_position_margin string| ulp_forced_location object| ulp_recaptcha_queue object| ulp_css3_animations_in object| ulp_css3_animations_out boolean| ulp_mobile function| ulp_popup_id function| ulp_prepare_ids function| ulp_inline_open function| _ulp_inline_hide_confirmation function| _ulp_inline_open function| _ulp_inline_subscribe function| ulp_open function| _ulp_open function| ulp_close function| ulp_self_close function| ulp_reset_recaptcha function| ulp_subscribe function| ulp_onload_open function| ulp_init function| ulp_onidle_counter_handler function| ulp_read_cookie function| ulp_write_cookie function| ulp_ready function| ulp_utf8encode function| ulp_encode64 function| ulp_utf8decode function| ulp_decode64 function| ulp_track function| ulp_share function| ulp_social_google_plusone function| 
ulp_social_linkedin_share function| ulp_close_forever function| ulp_unlock_links function| ulp_clear_form function| ulp_recaptcha_loaded function| ulp_hex2rgba function| ulp_datetimepicker_init object| EnlighterJS_Config string| ulp_ajax_url string| ulp_css3_enable string| ulp_ga_tracking string| ulp_km_tracking string| ulp_onexit_limits string| ulp_no_preload object| ulp_campaigns object| ulp_overlays object| lazySizes function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| GoogleAnalyticsObject function| ga object| MunchkinTracker object| $mcSite object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| _peSd object| _peD object| _peE object| _pe number| j

6 Cookies

Domain/Path Name Value
.heimdalsecurity.com/ _gcl_au 1.1.541641954.1639937709
.heimdalsecurity.com/ _mkto_trk id:799-JXO-275&token:_mch-heimdalsecurity.com-1639937709325-17212
.heimdalsecurity.com/ _gid GA1.2.199684484.1639937709
.heimdalsecurity.com/ _gat_UA-52749460-1 1
.heimdalsecurity.com/ _ga_23QZ2R919V GS1.1.1639937709.1.0.1639937709.0
.heimdalsecurity.com/ _ga GA1.1.118247890.1639937709

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
