URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Submission: On September 25 via api from GB

Summary

This website contacted 15 IPs in 4 countries across 11 domains to perform 42 HTTP transactions. The main IP is 35.165.181.96, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is 35.165.181.96.
TLS certificate: subject and issuer are both www.example.com (a self-issued placeholder certificate whose name does not match the scanned host), issued April 29th 2020, valid for 10 years.
This is the only time 35.165.181.96 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS     Autonomous System
12        35.165.181.96     16509  AMAZON-02
9         2a00:1450:400...  15169  GOOGLE
1         2a00:1450:400...  15169  GOOGLE
5         2a00:1450:400...  15169  GOOGLE
1         104.18.47.188     13335  CLOUDFLAR...
5         2a00:1450:400...  15169  GOOGLE
1         2a00:1450:400...  15169  GOOGLE
1         151.101.112.157   54113  FASTLY
1         192.0.77.2        2635   AUTOMATTIC
1         2606:4700:20:...  13335  CLOUDFLAR...
1         23.43.194.35      20940  AKAMAI-ASN1
1         130.211.198.3     15169  GOOGLE
1         192.0.76.3        2635   AUTOMATTIC
1         2a04:fa87:fff...  2635   AUTOMATTIC
Total: 42 requests across 15 IPs
Requests  Domain                                Requested by
9         cdn.ampproject.org                    35.165.181.96, cdn.ampproject.org
5         d-2394704410342131513.ampproject.net  cdn.ampproject.org
5         fonts.gstatic.com                     fonts.googleapis.com
1         secure.gravatar.com
1         pixel.wp.com                          35.165.181.96
1         blog.malwarebytes.com                 35.165.181.96
1         blog.paloaltonetworks.com             35.165.181.96
1         www.securityweek.com                  35.165.181.96
1         i0.wp.com                             35.165.181.96
1         platform.twitter.com                  cdn.ampproject.org
1         3p.ampproject.net                     cdn.ampproject.org
1         modernnetsec.io                       35.165.181.96
1         fonts.googleapis.com                  35.165.181.96
Total: 42 requests across 13 subdomains
Subject                  Issuer                                          Validity                 Valid for
www.example.com          www.example.com                                 2020-04-29 - 2030-04-27  10 years
misc-sni.google.com      GTS CA 1O1                                      2020-09-03 - 2020-11-26  3 months
upload.video.google.com  GTS CA 1O1                                      2020-09-03 - 2020-11-26  3 months
*.gstatic.com            GTS CA 1O1                                      2020-09-03 - 2020-11-26  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2020-08-02 - 2021-08-02  a year
platform.twitter.com     DigiCert SHA2 High Assurance Server CA          2020-08-13 - 2021-08-18  a year
*.wp.com                 Sectigo RSA Domain Validation Secure Server CA  2020-04-02 - 2022-07-05  2 years
securityweek.com         Cloudflare Inc ECC CA-3                         2020-07-04 - 2021-07-04  a year
*.paloaltonetworks.com   DigiCert SHA2 Secure Server CA                  2019-09-11 - 2020-12-10  a year
blog.malwarebytes.com    DigiCert SHA2 High Assurance Server CA          2019-04-02 - 2021-07-05  2 years
*.gravatar.com           Sectigo RSA Domain Validation Secure Server CA  2020-08-14 - 2022-11-16  2 years
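
A quick way to turn the certificate rows above into findings, as an added example that is not part of the urlscan.io report: the script below transcribes four of the rows (subject, issuer, validity window, plus the host each certificate was served for, taken from the domain table) and checks each one for subject-equals-issuer, a subject name that does not cover the requested host, and a lifetime beyond the CA/Browser Forum limit in force on its issue date. The report does not show SAN lists, so the subject name stands in as the only covered name (an assumption of this example).

```python
from __future__ import annotations
from datetime import date
import ipaddress

# Transcribed from the certificate table above; "host" is the name the
# certificate was served for (domain table). SANs are not in the report, so
# the subject name is used as the only covered name (assumption).
CERT_RECORDS = [
    {"host": "35.165.181.96", "subject": "www.example.com", "issuer": "www.example.com",
     "not_before": date(2020, 4, 29), "not_after": date(2030, 4, 27)},
    {"host": "fonts.gstatic.com", "subject": "*.gstatic.com", "issuer": "GTS CA 1O1",
     "not_before": date(2020, 9, 3), "not_after": date(2020, 11, 26)},
    {"host": "i0.wp.com", "subject": "*.wp.com",
     "issuer": "Sectigo RSA Domain Validation Secure Server CA",
     "not_before": date(2020, 4, 2), "not_after": date(2022, 7, 5)},
    {"host": "platform.twitter.com", "subject": "platform.twitter.com",
     "issuer": "DigiCert SHA2 High Assurance Server CA",
     "not_before": date(2020, 8, 13), "not_after": date(2021, 8, 18)},
]


def max_lifetime_days(issued: date) -> int:
    """CA/Browser Forum limit for publicly trusted leaf certificates:
    825 days from 2018-03-01, 398 days from 2020-09-01."""
    return 398 if issued >= date(2020, 9, 1) else 825


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: exact match, or a '*.' wildcard covering
    exactly one left-most label. An IP literal never matches a dNSName
    pattern; it would have to appear as an iPAddress SAN."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern.split(".")[1:]
    labels = host.split(".")
    return len(labels) == len(suffix) + 1 and labels[1:] == suffix


def check_cert(rec: dict) -> list[str]:
    """Findings for one certificate record; an empty list means clean."""
    findings = []
    if rec["subject"] == rec["issuer"]:
        findings.append("self-issued: subject equals issuer, no public CA in the chain")
    if not name_matches(rec["subject"], rec["host"]):
        findings.append(f"name mismatch: {rec['subject']} does not cover {rec['host']}")
    lifetime = (rec["not_after"] - rec["not_before"]).days
    limit = max_lifetime_days(rec["not_before"])
    if lifetime > limit:
        findings.append(f"lifetime {lifetime} days exceeds the {limit}-day limit for its issue date")
    return findings


def audit(records: list[dict] = CERT_RECORDS) -> dict[str, list[str]]:
    """Map each host to the findings for the certificate it served."""
    return {rec["host"]: check_cert(rec) for rec in records}


if __name__ == "__main__":
    for host, findings in audit().items():
        print(f"{host}: {'; '.join(findings) or 'ok'}")
```

Run against the transcribed rows, only the main host's certificate produces findings (all three), which is what the 10-year www.example.com entry in the summary amounts to: a default certificate that no browser would accept for this IP.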

This page contains 5 frames:

Primary Page: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Frame ID: 21702D0283C03372029F08667302D6A2
Requests: 47 HTTP requests in this frame

Frame: https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Frame ID: A66E922BECB6FAFA84C0DED1CBA7209A
Requests: 1 HTTP requests in this frame

Frame: https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Frame ID: 40629941FBA64C8A508DCFEE1E540D9A
Requests: 1 HTTP requests in this frame

Frame: https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Frame ID: 1F372A85CDAADED8F42672E02E785467
Requests: 1 HTTP requests in this frame

Frame: https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Frame ID: 14FBF647C2DBD2A8AC7010A26CC9E928
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 42
HTTPS: 69 %
IPv6: 50 %
Domains: 11
Subdomains: 13
IPs: 15
Countries: 4
Transfer: 899 kB
Size: 1628 kB
Cookies: 0

42 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | 35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/ | 145 KB | 26 KB | Document
General
Full URL
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache / PHP/7.3.14
Resource Hash
056d6addb7d0accea520be5c121f85b698b42f995a05f09db34aa6f6a7487376
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
35.165.181.96
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 25 Sep 2020 07:10:05 GMT
Server
Apache
X-Powered-By
PHP/7.3.14
Link
<https://35.165.181.96/wp-json/>; rel="https://api.w.org/", <https://35.165.181.96/wp-json/wp/v2/posts/22827>; rel="alternate"; type="application/json", <https://35.165.181.96/?p=22827>; rel=shortlink
Server-Timing
amp_sanitizer;dur="134.1",amp_style_sanitizer;dur="53.0",amp_tag_and_attribute_sanitizer;dur="53.2",amp_optimizer;dur="4.6"
X-Frame-Options
SAMEORIGIN
Vary
Cookie,Accept-Encoding
X-Mod-Pagespeed
1.13.35.2-0
Content-Encoding
gzip
Cache-Control
max-age=0, no-cache, s-maxage=10
Content-Length
26093
Keep-Alive
timeout=2, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=utf-8
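
The regexes listed under Detected technologies and the response headers just above are enough to reproduce the fingerprint and to audit this response for missing defensive headers and version leaks. The script below is an added example, not part of the urlscan.io report: it embeds the captured headers, runs the report's two detection regexes over them (the labels `wordpress` and `apache` are this example's own), lists banner headers that disclose a version, and names the security headers the primary response does not send.

```python
from __future__ import annotations
import re

# Response headers of the primary request, transcribed from above.
RESPONSE_HEADERS = {
    "Server": "Apache",
    "X-Powered-By": "PHP/7.3.14",
    "Link": '<https://35.165.181.96/wp-json/>; rel="https://api.w.org/", '
            '<https://35.165.181.96/wp-json/wp/v2/posts/22827>; rel="alternate"; '
            'type="application/json", <https://35.165.181.96/?p=22827>; rel=shortlink',
    "X-Frame-Options": "SAMEORIGIN",
    "Vary": "Cookie,Accept-Encoding",
    "X-Mod-Pagespeed": "1.13.35.2-0",
    "Cache-Control": "max-age=0, no-cache, s-maxage=10",
    "Content-Type": "text/html; charset=utf-8",
}

# Header name and regex per technology, copied from the "Detected patterns"
# entries above. The labels are this example's own; group 1 of the Apache
# pattern captures a version when the banner includes one.
DETECTION_PATTERNS = {
    "wordpress": ("link", re.compile(r'rel="https:\/\/api\.w\.org\/"', re.I)),
    "apache": ("server", re.compile(r"(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)),
}

# Headers a hardened HTML response is expected to carry.
EXPECTED_SECURITY_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
)

# Headers that commonly carry a product version string.
BANNER_HEADERS = ("server", "x-powered-by", "x-mod-pagespeed", "x-aspnet-version", "x-generator")


def _lower(headers: dict[str, str]) -> dict[str, str]:
    """Header names are case-insensitive; normalise once."""
    return {k.lower(): v for k, v in headers.items()}


def fingerprint(headers: dict[str, str]) -> dict[str, str | None]:
    """Run each detection regex against its header. The value is the captured
    version when the pattern has one and it matched, otherwise None."""
    h = _lower(headers)
    hits = {}
    for label, (header, rx) in DETECTION_PATTERNS.items():
        m = rx.search(h.get(header, ""))
        if m:
            hits[label] = m.group(1) if m.lastindex else None
    return hits


def version_leaks(headers: dict[str, str]) -> dict[str, str]:
    """Banner headers whose value includes a dotted version number."""
    h = _lower(headers)
    return {name: h[name] for name in BANNER_HEADERS
            if name in h and re.search(r"\d+\.\d+", h[name])}


def missing_security_headers(headers: dict[str, str]) -> list[str]:
    """Expected defensive headers absent from the response."""
    h = _lower(headers)
    return [name for name in EXPECTED_SECURITY_HEADERS if name.lower() not in h]


if __name__ == "__main__":
    print("fingerprint:", fingerprint(RESPONSE_HEADERS))
    print("version leaks:", version_leaks(RESPONSE_HEADERS))
    print("missing:", missing_security_headers(RESPONSE_HEADERS))
```

For this response the fingerprint fires on both patterns without a version (the Server banner is bare "Apache"), the exact PHP and mod_pagespeed versions leak through X-Powered-By and X-Mod-Pagespeed, and X-Frame-Options is the only defensive header present.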
v0.js | cdn.ampproject.org/ | 254 KB | 69 KB | Script
General
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d71eb59d6db5898f01230a07f10d8432f669699fc42ca74d0f9e8cc7d47ecb19
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0
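
The policy above is repeated on every cdn.ampproject.org response in this scan. As an added example that is not part of the report, the parser below splits it into directives, resolves each fetch directive through its fallback chain to default-src the way a browser does, and flags permissive sources; the hardened policy at the end is a hypothetical illustration for comparison, not anything AMP serves.

```python
from __future__ import annotations

# Policy served by cdn.ampproject.org, transcribed from the response above.
CSP = (
    "default-src * blob: data:; "
    "script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ "
    "https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ "
    "https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs "
    "https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; "
    "object-src 'none'; "
    "style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com "
    "https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com "
    "https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com "
    "https://use.fontawesome.com https://use.typekit.net; "
    "report-uri https://csp.withgoogle.com/csp/amp"
)

# Hypothetical tightened policy for comparison (not something AMP serves).
HARDENED_CSP = (
    "default-src 'none'; script-src https://cdn.ampproject.org/v0/; "
    "style-src https://cdn.ampproject.org/rtv/; img-src 'self'; connect-src 'self'; "
    "font-src 'self'; object-src 'none'; base-uri 'none'; "
    "report-uri https://csp.withgoogle.com/csp/amp"
)

FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "connect-src", "font-src",
                    "media-src", "object-src", "frame-src", "child-src", "worker-src")
# Directives that consult other directives before falling back to default-src.
FALLBACKS = {"frame-src": ("child-src",), "worker-src": ("child-src", "script-src")}


def parse_csp(policy: str) -> dict[str, list[str]]:
    """Split a serialized policy into {directive: [sources]}. Names are
    case-insensitive and, as in browsers, the first occurrence of a directive wins."""
    out: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out


def effective(csp: dict[str, list[str]], directive: str) -> tuple[str | None, list[str]]:
    """Return the directive that actually governs `directive` and its sources,
    following the fallback chain; (None, []) when nothing restricts it."""
    for name in (directive, *FALLBACKS.get(directive, ()), "default-src"):
        if name in csp:
            return name, csp[name]
    return None, []


def csp_findings(policy: str) -> list[str]:
    """Permissive sources per fetch directive, attributed to the directive that supplied them."""
    csp = parse_csp(policy)
    findings = []
    for directive in FETCH_DIRECTIVES:
        governed_by, sources = effective(csp, directive)
        if governed_by is None:
            findings.append(f"{directive}: unrestricted (no directive and no default-src)")
            continue
        where = directive if governed_by == directive else f"{directive} (via {governed_by})"
        if "*" in sources:
            findings.append(f"{where}: wildcard * allows any origin")
        if "'unsafe-inline'" in sources and directive in ("script-src", "style-src"):
            findings.append(f"{where}: 'unsafe-inline' permits inline {directive.split('-')[0]}")
        if "'unsafe-eval'" in sources and directive == "script-src":
            findings.append(f"{where}: 'unsafe-eval' permits eval()")
        if "data:" in sources and directive in ("script-src", "object-src", "frame-src"):
            findings.append(f"{where}: data: URIs are attacker-controllable content")
        if "blob:" in sources and directive == "script-src":
            findings.append(f"{where}: blob: allows scripts assembled at runtime by the page")
    if "report-uri" not in csp and "report-to" not in csp:
        findings.append("no report-uri/report-to: violations go unreported")
    return findings


if __name__ == "__main__":
    for finding in csp_findings(CSP):
        print("-", finding)
    print("hardened:", csp_findings(HARDENED_CSP) or "clean")
```

On the captured policy the strong parts are script-src (an explicit allow-list plus blob:) and object-src 'none'; everything the policy does not name (images, connections, fonts, media, frames) inherits `default-src * blob: data:`, and style-src carries 'unsafe-inline'. Resolving the chain matters: worker-src ends up governed by script-src, not by the wildcard.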

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70199
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=3000, stale-while-revalidate=1206600
etag
"6157e43c8bca2e40"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-bind-0.1.js | cdn.ampproject.org/v0/ | 47 KB | 17 KB | Script
General
Full URL
https://cdn.ampproject.org/v0/amp-bind-0.1.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ead3bba194abc021706748b51d16e21649ac0e506fce6cc655eb8371af18272f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16145
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=604800
etag
"adb507bd72f0b6e3"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-form-0.1.js | cdn.ampproject.org/v0/ | 47 KB | 15 KB | Script
General
Full URL
https://cdn.ampproject.org/v0/amp-form-0.1.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a4a12b695d0607226b7117143dadea5a8b1d0f9670040010b9634f5cc0bdde26
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14595
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=604800
etag
"607039d979e505c9"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-mustache-0.2.js | cdn.ampproject.org/v0/ | 34 KB | 12 KB | Script
General
Full URL
https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef5a35b2751d38e4af050b8aec2781d13bc7537b132a825d00ca66a4ec724400
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12745
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=604800
etag
"f83639b519ab041c"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-social-share-0.1.js | cdn.ampproject.org/v0/ | 16 KB | 6 KB | Script
General
Full URL
https://cdn.ampproject.org/v0/amp-social-share-0.1.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
079ecd4d859bd870f6fb57e5b2891403b24cd4c7196e849a96e4149ac3a865f3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5777
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=604800
etag
"54f167f6a7bf034c"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-twitter-0.1.js | cdn.ampproject.org/v0/ | 16 KB | 6 KB | Script
General
Full URL
https://cdn.ampproject.org/v0/amp-twitter-0.1.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
308a10fe7fb39d827c993270c4d6102019721c631b9fa071f4fb01bf535334c6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
sffe
date
Fri, 25 Sep 2020 07:10:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, max-age=604800, stale-while-revalidate=604800
etag
"a626bbd3bd30b407"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Sep 2020 07:10:06 GMT
css | fonts.googleapis.com/ | 28 KB | 2 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
94df22701bd80fca42c776b7064a4505986161b616007963e1ba60adba6f84d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 25 Sep 2020 06:26:59 GMT
server
ESF
date
Fri, 25 Sep 2020 07:10:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 25 Sep 2020 07:10:06 GMT
amp-auto-lightbox-0.1.js | cdn.ampproject.org/rtv/012009112034002/v0/ | 6 KB | 3 KB | Script
General
Full URL
https://cdn.ampproject.org/rtv/012009112034002/v0/amp-auto-lightbox-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9bcc9fe9bea2fdd72f6582c87a650f738836a9a1b2104ddea0872e5c55bab9f5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
207455
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2578
x-xss-protection
0
server
sffe
date
Tue, 22 Sep 2020 21:32:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6fd6bcf33fe00451"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Sep 2021 21:32:31 GMT
truncated | / | 82 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c5668e00b22f57e0b0ca5cdf0ed6805560564ef783565030c72dc16d9683d4f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 80 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e1a79218a688b29a4c4d45293ca9fa5844ec8d9aeb4b30f46ec6df526c2f1ce

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:06:19 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
338627
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Tue, 21 Sep 2021 09:06:19 GMT
fa-solid-900.woff2
35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/
77 KB
78 KB
Font
General
Full URL
https://35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/fa-solid-900.woff2
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:06 GMT
Last-Modified
Sun, 08 Mar 2020 22:23:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"134fc-5a05f57725040"
Vary
Cookie
Content-Type
font/woff2
Cache-Control
s-maxage=10
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
79100
fa-brands-400.woff2
35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/
73 KB
73 KB
Font
General
Full URL
https://35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/fa-brands-400.woff2
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
eed474a49bdbf745c19e463f070e67977c1ab27835603eb749d9e5c249cf81f8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:06 GMT
Last-Modified
Sun, 08 Mar 2020 22:23:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"12230-5a05f57725040"
Vary
Cookie
Content-Type
font/woff2
Cache-Control
s-maxage=10
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=98
Content-Length
74288
fa-regular-400.woff2
35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/
15 KB
15 KB
Font
General
Full URL
https://35.165.181.96/wp-content/plugins/sneeit-framework/fonts/font-awesome-5x/webfonts/fa-regular-400.woff2
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
0ecdc6188a4b2ec48e2ebf84a2a6584e78473f1216d7119832b5dc109bec7492
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:06 GMT
Last-Modified
Sun, 08 Mar 2020 22:23:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"3a18-5a05f57725040"
Vary
Cookie
Content-Type
font/woff2
Cache-Control
s-maxage=10
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
14872
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:06:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
338631
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Tue, 21 Sep 2021 09:06:15 GMT
KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v20/
12 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3be0a916496d7936bb83ce60a4de9f10ef400f16c38e7dd7c65449c795e7739b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:13:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:19:00 GMT
server
sffe
age
338222
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12680
x-xss-protection
0
expires
Tue, 21 Sep 2021 09:13:04 GMT
modern-netsec-clear.png
modernnetsec.io/wp-content/uploads/2020/03/
0
0
Image
General
Full URL
https://modernnetsec.io/wp-content/uploads/2020/03/modern-netsec-clear.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.47.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

close.png
35.165.181.96/bitnami/images/
2 KB
2 KB
Image
General
Full URL
https://35.165.181.96/bitnami/images/close.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
a956724625713474238f82aac8e595f9159987cef6467f9e92f9635b97d5c928
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Last-Modified
Tue, 27 Aug 2019 14:01:55 GMT
Server
Apache
ETag
"810-59119b70f5ac0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
2064
corner-logo.png
35.165.181.96/bitnami/images/
26 KB
26 KB
Image
General
Full URL
https://35.165.181.96/bitnami/images/corner-logo.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
5c2143fd002c6373b832ce377a57a23851209d78a11e21800173ccf1bb4ae986
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Last-Modified
Tue, 27 Aug 2019 14:01:55 GMT
Server
Apache
ETag
"66f0-59119b70f5ac0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
26352
banner.js
35.165.181.96/bitnami/
1 KB
844 B
Script
General
Full URL
https://35.165.181.96/bitnami/banner.js
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
acae33d97199201df46b10580a853df8e6aab11262efe1cb7dda14115d925228
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 27 Aug 2019 14:01:55 GMT
Server
Apache
ETag
"467-59119b70f5ac0-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
481
frame.html
d-2394704410342131513.ampproject.net/2009112034002/
0
0
Other
General
Full URL
https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4009:806::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://35.165.181.96/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
f.js
3p.ampproject.net/2009112034002/
188 KB
50 KB
Other
General
Full URL
https://3p.ampproject.net/2009112034002/f.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4009:800::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39514bc2b9aa455b98c65efb59724c194925733af8bf893bb73043b579a44268
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://35.165.181.96/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 18 Sep 2020 20:35:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
556481
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50921
x-xss-protection
0
last-modified
Fri, 18 Sep 2020 19:45:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 18 Sep 2021 20:35:25 GMT
widgets.js
platform.twitter.com/
95 KB
29 KB
Other
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer
https://35.165.181.96/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 25 Sep 2020 07:10:06 GMT
content-encoding
gzip
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
28881
x-served-by
cache-bwi5129-BWI, cache-hhn4046-HHN
last-modified
Tue, 01 Sep 2020 20:40:54 GMT
etag
"a58136137a93f33c1d165df7d4d973f8+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:06:17 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
338629
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Tue, 21 Sep 2021 09:06:17 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&ver=7.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 10:07:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
334982
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11056
x-xss-protection
0
expires
Tue, 21 Sep 2021 10:07:04 GMT
social-logos.woff
35.165.181.96/wp-content/plugins/jetpack/_inc/social-logos/
7 KB
7 KB
Font
General
Full URL
https://35.165.181.96/wp-content/plugins/jetpack/_inc/social-logos/social-logos.woff
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
70109189693467cf599a14cd212b4a1663b87d6859005236c380f9d1182cab8e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:06 GMT
Last-Modified
Thu, 17 Sep 2020 21:23:48 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"1b64-5af88fff2cd3e"
Vary
Cookie
Content-Type
font/woff
Cache-Control
s-maxage=10
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
7012
frame.html
d-2394704410342131513.ampproject.net/2009112034002/ Frame A66E
0
0
Document
General
Full URL
https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-twitter-0.1.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4009:806::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
d-2394704410342131513.ampproject.net
:scheme
https
:path
/2009112034002/frame.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
br
content-type
text/html
access-control-allow-origin
*
content-length
140
date
Fri, 25 Sep 2020 07:10:06 GMT
expires
Sat, 25 Sep 2021 07:10:06 GMT
last-modified
Fri, 18 Sep 2020 19:45:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
0
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
frame.html
d-2394704410342131513.ampproject.net/2009112034002/ Frame 4062
0
0
Document
General
Full URL
https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-twitter-0.1.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4009:806::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
d-2394704410342131513.ampproject.net
:scheme
https
:path
/2009112034002/frame.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
br
content-type
text/html
access-control-allow-origin
*
content-length
140
date
Fri, 25 Sep 2020 07:10:06 GMT
expires
Sat, 25 Sep 2021 07:10:06 GMT
last-modified
Fri, 18 Sep 2020 19:45:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
0
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
frame.html
d-2394704410342131513.ampproject.net/2009112034002/ Frame 1F37
0
0
Document
General
Full URL
https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-twitter-0.1.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4009:806::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
d-2394704410342131513.ampproject.net
:scheme
https
:path
/2009112034002/frame.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
br
content-type
text/html
access-control-allow-origin
*
content-length
140
date
Fri, 25 Sep 2020 07:10:06 GMT
expires
Sat, 25 Sep 2021 07:10:06 GMT
last-modified
Fri, 18 Sep 2020 19:45:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
0
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
amp-loader-0.1.js
cdn.ampproject.org/rtv/012009112034002/v0/
15 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012009112034002/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8b2031ce80faf980eb1b337642c8385c0647f6bf8b99ec6d34720538eabe40e2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://35.165.181.96
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
207455
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3736
x-xss-protection
0
server
sffe
date
Tue, 22 Sep 2020 21:32:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5b14a8291675854d"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Sep 2021 21:32:31 GMT
ZeroLogon-flaw.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/09/
5 KB
6 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/09/ZeroLogon-flaw.png?resize=300%2C300&ssl=1
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
b1a7a2f75e59dbd290554cad3db9fbc0ce739ea18ea43182978fb082f0e7bd0e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT fra 3
date
Fri, 25 Sep 2020 07:10:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 20 Sep 2020 12:19:49 GMT
server
nginx
etag
"1cc755b565bbceb8"
vary
Accept
content-type
image/webp
status
200
cache-control
public, max-age=63115200
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/09/ZeroLogon-flaw.png>; rel="canonical"
content-length
5602
expires
Wed, 21 Sep 2022 00:19:49 GMT
steve-jobs-invert1-240x185.png
35.165.181.96/wp-content/uploads/2015/12/
49 KB
49 KB
Image
General
Full URL
https://35.165.181.96/wp-content/uploads/2015/12/steve-jobs-invert1-240x185.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
3212919e4dc2b8564d09370f8b7b918a106f0c3122e2fb3a902766545f9f453b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Last-Modified
Sun, 08 Mar 2020 22:45:55 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"c423-5a05fa63e6ec0"
Vary
Cookie
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
50211
serve.php
www.securityweek.com/sites/all/modules/ad/
695 B
1 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1296
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Sep 2020 07:10:07 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 25 Sep 2020 07:10:07 GMT
server
cloudflare
x-powered-by
PHP/5.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/jpeg
status
200
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
5d82ec6c7efe2bd2-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0565b217cc00002bd2c23b9200000001
expires
Mon, 26 Jul 1997 05:00:00 GMT
improved-client-side-encryption-explicit-keyids-and-key-commitment.jpg
35.165.181.96/wp-content/uploads/2020/09/
42 KB
42 KB
Image
General
Full URL
https://35.165.181.96/wp-content/uploads/2020/09/improved-client-side-encryption-explicit-keyids-and-key-commitment.jpg
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
c3c4eff58975ed42f10601f73635ebc822b2c62f07d6f3b3d0c6fa31701575fe
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Last-Modified
Fri, 25 Sep 2020 03:23:49 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"a6c4-5b01ad85c4589"
Vary
Cookie
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=97
Content-Length
42692
Trainyard-blog.png
blog.paloaltonetworks.com/wp-content/uploads/2020/08/
239 KB
239 KB
Image
General
Full URL
https://blog.paloaltonetworks.com/wp-content/uploads/2020/08/Trainyard-blog.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.194.35 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-43-194-35.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ebac912e8293f1e80c55c37b96b85203fedc267a3013832b185d42dc36251fdd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:06 GMT
Last-Modified
Thu, 20 Aug 2020 18:07:29 GMT
Server
Apache
ETag
"3bb71-5ad52fe56f111"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public, max-age=61164
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
244593
X-XSS-Protection
1; mode=block
Expires
Sat, 26 Sep 2020 00:09:30 GMT
Taurus_traffic_.png
blog.malwarebytes.com/wp-content/uploads/2020/09/
44 KB
44 KB
Image
General
Full URL
https://blog.malwarebytes.com/wp-content/uploads/2020/09/Taurus_traffic_.png
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.198.3 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
3.198.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
e11fd8c5e42893f2f4cd790e7c9f1ee8191648ef5123f6eec3a2c715129d6b27

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 25 Sep 2020 07:10:07 GMT
last-modified
Thu, 24 Sep 2020 22:00:15 GMT
server
nginx
status
200
etag
"5f6d16ef-b00e"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
45070
intel-arm-ibm-amd-processors-vulnerable-to-new-side-channel-attacks.jpg
35.165.181.96/wp-content/uploads/2020/08/
2 KB
3 KB
Image
General
Full URL
https://35.165.181.96/wp-content/uploads/2020/08/intel-arm-ibm-amd-processors-vulnerable-to-new-side-channel-attacks.jpg
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
6bb918dc63440e713cb8c943a247016a55256cede2b6d590cfc91ff27eb95488
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:07 GMT
Last-Modified
Fri, 07 Aug 2020 15:14:24 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"939-5ac4b0f68dc23"
Vary
Cookie
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=99
Content-Length
2361
ww.js
cdn.ampproject.org/rtv/012009112034002/
47 KB
14 KB
Fetch
General
Full URL
https://cdn.ampproject.org/rtv/012009112034002/ww.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0aff360399d86e556f00e63eeba86aac2faea9329a50b93f04ac8d0b3e5f042d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
text/plain
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
553365
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13957
x-xss-protection
0
server
sffe
date
Fri, 18 Sep 2020 21:27:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5ff023eaf9da719e"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 Sep 2021 21:27:22 GMT
g.gif
pixel.wp.com/
50 B
123 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9.1&blog=173920392&post=22827&tz=0&srv=35.165.181.96&host=35.165.181.96&rand=0.15375882754870185&ref=
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 25 Sep 2020 07:10:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
c9aac7ce-36f2-4bf0-acd9-d2c9c47c91af
https://35.165.181.96/
47 KB
0
Other
General
Full URL
blob:https://35.165.181.96/c9aac7ce-36f2-4bf0-acd9-d2c9c47c91af
Requested by
Host: 35.165.181.96
URL: https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb1f107dd7e32a3661e728ec39fd816303291275f783432cf0b3e859c772b649

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
47951
Content-Type
text/javascript
frame.html
d-2394704410342131513.ampproject.net/2009112034002/ Frame 14FB
0
0
Document
General
Full URL
https://d-2394704410342131513.ampproject.net/2009112034002/frame.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-twitter-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4009:806::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
d-2394704410342131513.ampproject.net
:scheme
https
:path
/2009112034002/frame.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
br
content-type
text/html
access-control-allow-origin
*
content-length
140
date
Fri, 25 Sep 2020 07:10:06 GMT
expires
Sat, 25 Sep 2021 07:10:06 GMT
last-modified
Fri, 18 Sep 2020 19:45:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
6
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1516f6fb730986df124b8c24341dffd1
secure.gravatar.com/avatar/
1 KB
1 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/1516f6fb730986df124b8c24341dffd1?s=50&d=mm&r=g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ec626d1355ef5d84689c88b2ec9e383fa16b0be9c068fe5fc913be061542edbc

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT fra 1
date
Fri, 25 Sep 2020 07:10:12 GMT
last-modified
Mon, 02 Jun 2014 22:33:29 GMT
server
nginx
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="1516f6fb730986df124b8c24341dffd1.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/1516f6fb730986df124b8c24341dffd1?s=50&d=mm&r=g>; rel="canonical"
content-length
1128
expires
Fri, 25 Sep 2020 07:15:12 GMT
new-zoom-hack-lets-hackers-compromise-windows-and-its-login-password.jpg
35.165.181.96/wp-content/uploads/2020/04/
3 KB
3 KB
Image
General
Full URL
https://35.165.181.96/wp-content/uploads/2020/04/new-zoom-hack-lets-hackers-compromise-windows-and-its-login-password.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.165.181.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-181-96.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
90cb5fd0b699b6f297518b52359714af6079cf6010ddc07b6271b861880f44bc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 25 Sep 2020 07:10:13 GMT
Last-Modified
Thu, 02 Apr 2020 16:14:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"b0e-5a25119c5d700"
Vary
Cookie
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
2830

Verdicts & Comments

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object trustedTypes
object AMP
object global
object AMP_CONFIG
object __AMP_LOG
object __AMP_ERRORS
object __AMP_MODE
function __AMP_REPORT_ERROR
object __AMP_TOP
object __AMP_SERVICES
object __AMP__EXPERIMENT_TOGGLES
object __AMP_URL_CACHE
boolean __AMP_TAG
object __AMP_EXTENDED_ELEMENTS
function __AMP_BASE_CE_CLASS
string __AMP_DEFAULT_BOOTSTRAP_SUBDOMAIN
object listeningFors
function FormProxy

0 Cookies

2 Console Messages

Source Level URL Text
console-api info https://cdn.ampproject.org/v0.js (Line 526)
Message: Powered by AMP ⚡ HTML – Version 2009112034002 https://35.165.181.96/hackers-are-using-zerologon-exploits-in-attacks-in-the-wild/
console-api error https://cdn.ampproject.org/v0.js (Line 110)
Message: Failed to load: https://modernnetsec.io/wp-content/uploads/2020/03/modern-netsec-clear.png

Security Headers

This section lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
