Submitted URL: https://touhidshaikh.com/blog/?cat=20
Effective URL: https://touhidshaikh.com/blog/category/post-exploit/
Submission: On April 28 via api from US

Summary

This website contacted 14 IPs in 5 countries across 16 domains to perform 47 HTTP transactions. The main IP is 104.18.45.166, located in United States and belongs to CLOUDFLARENET, US. The main domain is touhidshaikh.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 7th 2019. Valid for: a year.
This is the only time touhidshaikh.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                         Redirects  Requested by
19        touhidshaikh.com               1          touhidshaikh.com, pagead2.googlesyndication.com
5         www.hackthebox.eu                         touhidshaikh.com, pagead2.googlesyndication.com
4         pagead2.googlesyndication.com             touhidshaikh.com, pagead2.googlesyndication.com
3         googleads.g.doubleclick.net               pagead2.googlesyndication.com
3         fonts.gstatic.com                         pagead2.googlesyndication.com
2         tpc.googlesyndication.com                 pagead2.googlesyndication.com, tpc.googlesyndication.com
2         connect.facebook.net                      touhidshaikh.com, connect.facebook.net
2         www.paypalobjects.com                     touhidshaikh.com
2         www.paypal.com                 2          -
2         www.google-analytics.com       1          touhidshaikh.com
1         www.googletagservices.com                 pagead2.googlesyndication.com
1         secure.gravatar.com                       pagead2.googlesyndication.com
1         adservice.google.com                      pagead2.googlesyndication.com
1         adservice.google.de                       pagead2.googlesyndication.com
1         www.google.de                             touhidshaikh.com
1         www.google.com                 1          -
1         stats.g.doubleclick.net        1          -
1         licensebuttons.net                        touhidshaikh.com
1         i.creativecommons.org          1          -
1         fonts.googleapis.com                      touhidshaikh.com
Total: 47 requests, 20 subdomains

Subject                        Issuer                                           Valid from    Valid to      Validity
sni.cloudflaressl.com          CloudFlare Inc ECC CA-2                          2019-10-07    2020-10-06    a year
*.g.doubleclick.net            GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
*.google-analytics.com         GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
upload.video.google.com        GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
www.paypalobjects.com          DigiCert SHA2 Extended Validation Server CA      2019-12-09    2021-12-13    2 years
hackthebox.eu                  CloudFlare Inc ECC CA-2                          2020-03-17    2020-10-09    7 months
www.google.de                  GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
*.google.de                    GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
*.google.com                   GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
*.gravatar.com                 COMODO RSA Domain Validation Secure Server CA    2018-09-06    2020-09-05    2 years
*.gstatic.com                  GTS CA 1O1                                       2020-04-07    2020-06-30    3 months
*.facebook.com                 DigiCert SHA2 High Assurance Server CA           2020-04-15    2020-07-14    3 months
tpc.googlesyndication.com      GTS CA 1O1                                       2020-04-07    2020-06-30    3 months

This page contains 5 frames:

Primary Page: https://touhidshaikh.com/blog/category/post-exploit/
Frame ID: 8799A1D36972C87F13CFC2317328E7E4
Requests: 43 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200423/r20190131/zrt_lookup.html
Frame ID: 65C6C99D61DC990FB845437751C888C7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1066095879582960&output=html&adk=2909133762&adf=3878871716&lmt=1588061894&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588061894531&bpp=60&bdt=65&idt=141&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7850786219755&frm=20&pv=2&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=1&iag=0&icsg=143276&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=156
Frame ID: B38C3664770164CC74D11B764F1416E4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1066095879582960&output=html&h=600&slotname=4182335781&adk=291855507&adf=2150353423&w=257&fwrn=4&fwrnh=100&lmt=1588061894&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=257x600&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1588061894856&bpp=14&bdt=390&idt=15&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7850786219755&frm=20&pv=1&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=0&iag=0&icsg=2670258&dssz=23&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=120&ady=860&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=po0ADKt23F&p=https%3A//touhidshaikh.com&dtd=22
Frame ID: 0C6ACBAA2805F30AD9D623AAB2B4BF07
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: CD0D989645A1FF110D5BD408FB6649FF
Requests: 1 HTTP requests in this frame

Page URL History

  1. https://touhidshaikh.com/blog/?cat=20 HTTP 301
    https://touhidshaikh.com/blog/category/post-exploit/ Page URL

Detected technologies

WordPress (overall confidence: 100%)
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • meta generator /^WordPress ?([\d.]+)?/i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

Facebook JavaScript SDK (overall confidence: 100%)
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (overall confidence: 100%)
Detected patterns
  • script /googlesyndication\.com\//i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Fonts (overall confidence: 100%)
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
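
As an added example, not part of the urlscan.io report or of the fingerprinting tool behind it, the Python below re-runs the patterns listed above offline. The regexes are translated from the JavaScript syntax shown; the headers are the ones captured for the primary request; the HTML fragment is constructed from the asset URLs the report lists (the page body itself is not in the report), and its `<meta name="generator">` tag is an inference from the `?ver=5.4` query strings on the wp-includes assets, not an observed value. The technology names are my reading of what each pattern identifies.

```python
"""Re-run the report's technology-detection patterns offline.

Added example; not part of the urlscan.io report or its tooling. The regexes
are the ones listed above, translated from JavaScript to Python. CAPTURED_HEADERS
is copied from the primary request's response. CONSTRUCTED_HTML is built by hand
from the asset URLs the report lists (the report does not include the body), and
the <meta name="generator"> tag in it is inferred from the ?ver=5.4 query strings
on the wp-includes assets rather than observed.
"""
import re

# (technology, where to look, pattern). The technology names are my reading of
# what each pattern identifies; the patterns themselves are from the report.
PATTERNS = [
    ("WordPress", "html", re.compile(r'<link rel=["\']stylesheet["\'] [^>]+/wp-(?:content|includes)/', re.I)),
    ("WordPress", "script", re.compile(r'/wp-(?:content|includes)/', re.I)),
    ("WordPress", "meta:generator", re.compile(r'^WordPress ?([\d.]+)?', re.I)),
    ("WordPress", "header:link", re.compile(r'rel="https://api\.w\.org/"', re.I)),
    ("Cloudflare", "header:server", re.compile(r'^cloudflare$', re.I)),
    ("Facebook JavaScript SDK", "script", re.compile(r'//connect\.facebook\.net/[^/]*/[a-z]*\.js', re.I)),
    ("Google AdSense", "script", re.compile(r'googlesyndication\.com/', re.I)),
    ("Google Analytics", "script", re.compile(r'google-analytics\.com/(?:ga|urchin|analytics)\.js', re.I)),
    ("Google Fonts", "html", re.compile(r'<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com', re.I)),
]

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
META_TAG = re.compile(r'<meta[^>]+name=["\']([^"\']+)["\'][^>]+content=["\']([^"\']*)["\']', re.I)


def fingerprint(html, headers):
    """Return {technology: {"evidence": {locations}, "version": str or None}}.

    `headers` must use lower-case names (as HTTP/2 delivers them).
    """
    scripts = SCRIPT_SRC.findall(html)
    metas = {name.lower(): content for name, content in META_TAG.findall(html)}
    hits = {}
    for tech, where, rx in PATTERNS:
        if where == "html":
            m = rx.search(html)
        elif where == "script":
            m = next((mm for mm in map(rx.search, scripts) if mm), None)
        elif where.startswith("meta:"):
            m = rx.search(metas.get(where[len("meta:"):], ""))
        elif where.startswith("header:"):
            m = rx.search(headers.get(where[len("header:"):], ""))
        else:
            m = None
        if m is None:
            continue
        entry = hits.setdefault(tech, {"evidence": set(), "version": None})
        entry["evidence"].add(where)
        if m.re.groups and m.group(1):  # only the generator pattern captures a version
            entry["version"] = m.group(1)
    return hits


# Copied from the primary request's response headers in the report.
CAPTURED_HEADERS = {
    "server": "cloudflare",
    "link": '<https://touhidshaikh.com/blog/wp-json/>; rel="https://api.w.org/"',
    "x-powered-by": "PHP/7.4.4",
}

# CONSTRUCTED: the tags that would have produced the asset URLs in the report.
# No Facebook SDK tag is included because the report shows only the host, not
# the script path, so that detection should not fire here.
CONSTRUCTED_HTML = """
<meta name="generator" content="WordPress 5.4" />
<link rel='stylesheet' id='wp-block-library-css' href='https://touhidshaikh.com/blog/wp-includes/css/dist/block-library/style.min.css?ver=5.4' type='text/css' media='all' />
<link rel='stylesheet' id='author-fonts-css' href='https://fonts.googleapis.com/css?family=Rokkitt%3A400%2C700%7CLato%3A400%2C700&subset=latin%2Clatin-ext&ver=5.4' type='text/css' media='all' />
<script type='text/javascript' src='https://touhidshaikh.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp'></script>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
"""

if __name__ == "__main__":
    for tech, info in sorted(fingerprint(CONSTRUCTED_HTML, CAPTURED_HEADERS).items()):
        version = f" {info['version']}" if info["version"] else ""
        print(f"{tech}{version}: {', '.join(sorted(info['evidence']))}")
```

The header-based checks need no page body at all, which is why WordPress and Cloudflare are still identified from the `link` and `server` headers even when the HTML is withheld; the Facebook pattern stays silent because the captured data never shows the script path it needs.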

Page Statistics

Requests: 47
HTTPS: 100 %
IPv6: 83 %
Domains: 16
Subdomains: 20
IPs: 14
Countries: 5
Transfer: 665 kB
Size: 1589 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
Request Chain 12
  • https://www.paypal.com/EN_US/i/scr/pixel.gif HTTP 301
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Request Chain 15
  • https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png HTTP 301
  • https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png
Request Chain 16
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=526047441&t=pageview&_s=1&dl=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ul=en-us&de=UTF-8&dt=Post%20Exploit%20Archives%20-%20Touhid%20M.Shaikh&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1793190100&gjid=888943234&cid=1722527907.1588061895&tid=UA-91398370-1&_gid=294796857.1588061895&_r=1&z=1810104476 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_gid=294796857.1588061895&gjid=888943234&_v=j81&z=1810104476 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476&slf_rd=1&random=4043072518
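
As an added example, not part of the report, the script below takes Request Chain 16 as captured and works out which query parameters survive every hop unchanged, that is, which identifiers are handed from www.google-analytics.com to stats.g.doubleclick.net and on to www.google.com and www.google.de. The URLs are copied from the chain above; the analysis is mine.

```python
"""Trace which identifiers cross origins in a tracking redirect chain.

Added example; not part of the urlscan.io report. CHAIN_16 is copied from
"Request Chain 16" above; the analysis (hosts per hop, parameters forwarded
unchanged through every hop, parameters dropped at the first hop) is my own.
"""
from urllib.parse import parse_qs, urlsplit

CHAIN_16 = [
    "https://www.google-analytics.com/r/collect?v=1&_v=j81&a=526047441&t=pageview&_s=1"
    "&dl=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ul=en-us&de=UTF-8"
    "&dt=Post%20Exploit%20Archives%20-%20Touhid%20M.Shaikh&sd=24-bit&sr=1600x1200&vp=1600x1200"
    "&je=0&_u=IEBAAEAB~&jid=1793190100&gjid=888943234&cid=1722527907.1588061895"
    "&tid=UA-91398370-1&_gid=294796857.1588061895&_r=1&z=1810104476",
    "https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91398370-1"
    "&cid=1722527907.1588061895&jid=1793190100&_gid=294796857.1588061895&gjid=888943234"
    "&_v=j81&z=1810104476",
    "https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1"
    "&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476",
    "https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1"
    "&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476&slf_rd=1&random=4043072518",
]


def hop_params(url):
    """Query parameters of one hop as {name: value} (every name is single-valued here)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def analyse_chain(chain):
    """Summarise a redirect chain: hosts visited, identifiers forwarded intact, data dropped."""
    hosts = [urlsplit(u).hostname for u in chain]
    per_hop = [hop_params(u) for u in chain]
    first = per_hop[0]
    common = set(first).intersection(*(set(p) for p in per_hop[1:]))
    # A parameter counts as "forwarded" only if it reaches the last hop with the
    # same value it had at the first one; t= and _r= change per hop and do not.
    forwarded = {k: first[k] for k in common if all(p[k] == first[k] for p in per_hop)}
    return {
        "hops": len(chain),
        "hosts": hosts,
        "cross_host_hops": sum(1 for a, b in zip(hosts, hosts[1:]) if a != b),
        "forwarded": forwarded,
        "dropped_after_first": sorted(set(first) - set(per_hop[1])) if len(per_hop) > 1 else [],
    }


if __name__ == "__main__":
    summary = analyse_chain(CHAIN_16)
    print(" -> ".join(summary["hosts"]))
    for name, value in sorted(summary["forwarded"].items()):
        print(f"forwarded through all {summary['hops']} hops: {name}={value}")
    print("left behind at the first hop:", ", ".join(summary["dropped_after_first"]))
```

On this chain the page URL (`dl`) and title (`dt`) stay with the first host, while the client id `cid`, the property id `tid` and the join id `jid` travel unchanged through all four hosts, three of them different origins; `aip=1` (IP anonymisation) only appears from the second hop onwards.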

47 HTTP transactions

Columns: Resource   Path   Size   x-fer   Type / MIME-Type
Primary Request /   touhidshaikh.com/blog/category/post-exploit/   30 KB   8 KB   Document
Redirect Chain
  • https://touhidshaikh.com/blog/?cat=20
  • https://touhidshaikh.com/blog/category/post-exploit/
General
Full URL
https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.4
Resource Hash
93aa34dd45d77145517a18b5abca0a61faedc21392987feba88a89d4a9fd210f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
touhidshaikh.com
:scheme
https
:path
/blog/category/post-exploit/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d1990a5a98cb235e574953901da2905601588061893
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 28 Apr 2020 08:18:14 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.4
link
<https://touhidshaikh.com/blog/wp-json/>; rel="https://api.w.org/"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
server
cloudflare
cf-ray
58af59f669d7a87f-CDG
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0261768dfd0000a87fe51e6200000001

Redirect headers

status
301
date
Tue, 28 Apr 2020 08:18:14 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d1990a5a98cb235e574953901da2905601588061893; expires=Thu, 28-May-20 08:18:13 GMT; path=/; domain=.touhidshaikh.com; HttpOnly; SameSite=Lax; Secure
x-powered-by
PHP/7.4.4
x-redirect-by
WordPress
location
https://touhidshaikh.com/blog/category/post-exploit/
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
server
cloudflare
cf-ray
58af59f44f8fa87f-CDG
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0261768ca80000a87fe51d9200000001
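
As an added example (not from the report), the audit below is what I would run over the captured headers of the primary request: it parses the Strict-Transport-Security directives and flags the `max-age=0` (which tells a browser to discard any stored HSTS policy for the host, so the header here removes protection rather than adding it), notes the deprecated X-XSS-Protection, the missing Content-Security-Policy and the PHP version disclosed by `x-powered-by`, and checks the attributes of the `__cfduid` cookie set on the 301 hop. Header values are copied from above; the severities and the one-year HSTS floor are my own policy choices.

```python
"""Audit the captured response headers of the primary request.

Added example; not part of the urlscan.io report. CAPTURED_RESPONSE and
CAPTURED_SET_COOKIE are copied from the response and redirect headers shown
above (names lower-cased, as HTTP/2 delivers them). The checks, severities
and the one-year HSTS floor are my own policy choices, not anything the
report states.
"""
import re

HSTS_MIN_SECONDS = 365 * 24 * 3600  # policy choice: one year

CAPTURED_RESPONSE = {
    "status": "200",
    "content-type": "text/html; charset=UTF-8",
    "x-powered-by": "PHP/7.4.4",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "x-turbo-charged-by": "LiteSpeed",
    "strict-transport-security": "max-age=0; includeSubDomains",
    "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
    "server": "cloudflare",
}

# Set by the 301 hop (https://touhidshaikh.com/blog/?cat=20), see "Redirect headers".
CAPTURED_SET_COOKIE = (
    "__cfduid=d1990a5a98cb235e574953901da2905601588061893; "
    "expires=Thu, 28-May-20 08:18:13 GMT; path=/; domain=.touhidshaikh.com; "
    "HttpOnly; SameSite=Lax; Secure"
)


def parse_directives(value):
    """'max-age=0; includeSubDomains' -> {'max-age': '0', 'includesubdomains': None}."""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip() or None
    return out


def audit(headers, set_cookie=None, hsts_min=HSTS_MIN_SECONDS):
    """Return [(severity, finding)] for one response; header names must be lower-case."""
    findings = []

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append(("high", "no Strict-Transport-Security header"))
    else:
        d = parse_directives(hsts)
        max_age = int(d.get("max-age") or 0)
        if max_age == 0:
            # max-age=0 instructs the browser to forget any stored HSTS policy for
            # the host, so this header removes protection rather than adding it.
            findings.append(("high", "HSTS max-age is 0 or missing: browsers drop any stored policy, so HSTS is effectively disabled"))
        elif max_age < hsts_min:
            findings.append(("medium", f"HSTS max-age={max_age} is below the {hsts_min}s floor"))
        if "preload" not in d:
            findings.append(("info", "HSTS preload directive absent"))

    csp = headers.get("content-security-policy", "")
    if not csp:
        findings.append(("medium", "no Content-Security-Policy"))
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("low", "X-Content-Type-Options missing or not 'nosniff'"))
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(("medium", "no framing control (X-Frame-Options or CSP frame-ancestors)"))
    if "x-xss-protection" in headers:
        findings.append(("info", "X-XSS-Protection is deprecated (Chromium removed its XSS Auditor); use CSP instead"))
    for name in ("server", "x-powered-by", "x-turbo-charged-by"):
        if re.search(r"\d", headers.get(name, "")):
            findings.append(("low", f"{name} discloses a version: {headers[name]}"))

    if set_cookie:
        cookie_name = set_cookie.split("=", 1)[0].strip()
        attrs = parse_directives(set_cookie)
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(("medium", f"cookie {cookie_name} lacks {flag}"))
        if attrs.get("samesite") is None:
            findings.append(("low", f"cookie {cookie_name} has no SameSite attribute"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit(CAPTURED_RESPONSE, CAPTURED_SET_COOKIE):
        print(f"[{severity}] {finding}")
```

On the captured headers this yields five findings (the cleared HSTS policy, no preload, no CSP, the deprecated X-XSS-Protection and the PHP/7.4.4 disclosure); the `__cfduid` cookie passes, since it carries HttpOnly, Secure and SameSite=Lax.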
adsbygoogle.js   pagead2.googlesyndication.com/pagead/js/   107 KB   39 KB   Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8a0dfec04b88071fd6eb1370d10e478e4f384b2d04b482cb163a51462143b2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
39007
x-xss-protection
0
server
cafe
etag
16150935724389659580
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 28 Apr 2020 08:18:14 GMT
analytics.js   www.google-analytics.com/   44 KB   18 KB   Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
4914
date
Tue, 28 Apr 2020 06:56:20 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18174
expires
Tue, 28 Apr 2020 08:56:20 GMT
style.min.css   touhidshaikh.com/blog/wp-includes/css/dist/block-library/   52 KB   7 KB   Stylesheet
General
Full URL
https://touhidshaikh.com/blog/wp-includes/css/dist/block-library/style.min.css?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d02934f0a5b722dbd076dda86e34373e037158a672a8a10409bcbdb5a9040b42
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
435013
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 01 Apr 2020 12:32:55 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d0f1-5e8489f7-b49416ed8fca7bc6;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f560000a87fe51f5200000001
cf-ray
58af59f88bb9a87f-CDG
expires
Thu, 30 Apr 2020 07:28:01 GMT
css   fonts.googleapis.com/   3 KB   671 B   Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Rokkitt%3A400%2C700%7CLato%3A400%2C700&subset=latin%2Clatin-ext&ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0fd651d3399099cdffe85328907bf862c9fe36e61bad58f5b70b73d2253ff0a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 28 Apr 2020 08:18:14 GMT
server
ESF
date
Tue, 28 Apr 2020 08:18:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Apr 2020 08:18:14 GMT
all.min.css   touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/css/   56 KB   12 KB   Stylesheet
General
Full URL
https://touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/css/all.min.css?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8de3f57f49b005896d4c3c10979df9cff5048ddfe29ebbe36507ed1ebff60a4
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
83344
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sat, 07 Dec 2019 07:57:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"de0a-5deb5b6c-61d9d4257a959070;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f560000a87fe51f6200000001
cf-ray
58af59f88bbaa87f-CDG
expires
Mon, 04 May 2020 09:09:10 GMT
style.css   touhidshaikh.com/blog/wp-content/themes/author/   33 KB   6 KB   Stylesheet
General
Full URL
https://touhidshaikh.com/blog/wp-content/themes/author/style.css?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1295e3ab01c2d237ee1c106096d2ac5d775208bd8322b2971966d90cb8f4ab4f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
435013
cf-polished
origSize=43447
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
expires
Thu, 30 Apr 2020 07:28:01 GMT
last-modified
Sat, 07 Dec 2019 07:57:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"a9b7-5deb5b6c-1bebb625e61c50a5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f560000a87fe51f7200000001
cf-ray
58af59f88bbba87f-CDG
cf-bgj
minify
front.css   touhidshaikh.com/blog/wp-content/plugins/super-socializer/css/   52 KB   15 KB   Stylesheet
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/css/front.css?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a36df5a1a0340433e69e611d0f6d10201e301a1ec593a146ee1fc02f01bf919
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
62165
cf-polished
origSize=53443
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
expires
Mon, 04 May 2020 15:02:08 GMT
last-modified
Sun, 12 Apr 2020 20:30:37 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d0c3-5e937a6d-f5667bc41ae470fd;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f560000a87fe51f8200000001
cf-ray
58af59f88bbea87f-CDG
cf-bgj
minify
share-svg.css   touhidshaikh.com/blog/wp-content/plugins/super-socializer/css/   106 KB   37 KB   Stylesheet
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/css/share-svg.css?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22be083fec183874f525226d57b576f39dbe146dc18a130b7ac7d49ec708e424
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
57532
status
200
cf-bgj
minify
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 12 Apr 2020 20:30:37 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"190ea-5e937a6d-596614c8eb017f25;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f570000a87fe51f9200000001
cf-ray
58af59f88bc0a87f-CDG
expires
Mon, 04 May 2020 16:19:22 GMT
jquery.js   touhidshaikh.com/blog/wp-includes/js/jquery/   95 KB   32 KB   Script
General
Full URL
https://touhidshaikh.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
385882
cf-polished
origSize=96873
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
expires
Thu, 30 Apr 2020 21:06:52 GMT
last-modified
Wed, 22 May 2019 07:00:30 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"17a69-5ce4f38e-46f1593162c501f;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f570000a87fe51fa200000001
cf-ray
58af59f88bc3a87f-CDG
cf-bgj
minify
jquery-migrate.min.js   touhidshaikh.com/blog/wp-includes/js/jquery/   10 KB   4 KB   Script
General
Full URL
https://touhidshaikh.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
385882
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 17 Sep 2018 23:34:16 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"2748-5ba039f8-67e70e1f0b834c6f;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768f570000a87fe51fb200000001
cf-ray
58af59f88bc5a87f-CDG
expires
Thu, 30 Apr 2020 21:06:52 GMT
wp-emoji-release.min.js   touhidshaikh.com/blog/wp-includes/js/   14 KB   4 KB   Script
General
Full URL
https://touhidshaikh.com/blog/wp-includes/js/wp-emoji-release.min.js?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
83344
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 01 Apr 2020 12:33:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"364d-5e848a01-fdc6b7f3dd7a40ea;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5205200000001
cf-ray
58af59f92c49a87f-CDG
expires
Mon, 04 May 2020 09:09:10 GMT
btn_donateCC_LG.gif   www.paypalobjects.com/en_US/i/btn/   3 KB   3 KB   Image
Redirect Chain
  • https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif
  • https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
General
Full URL
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
fbaa02863040d15c4410d572c4d213c2b8c75425279c5a01672c6ff86fd9d6c3
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
3329079
x-cache
HIT, HIT
status
200
surrorage-key
/en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn/btn_donateCC_LG.gif /en_US/i/btn /en_US/i /en_US
content-length
2993
x-served-by
cache-sjc10040-SJC, cache-hhn4083-HHN
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
Apache
x-timer
S1588061895.857833,VS0,VE0
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
3, 183823

Redirect headers

date
Tue, 28 Apr 2020 08:18:14 GMT
status
301
strict-transport-security
max-age=63072000
location
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
65a545e76e1c6
dc
phx-origin-www-2.paypal.com
content-length
0
pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain
  • https://www.paypal.com/EN_US/i/scr/pixel.gif
  • https://www.paypalobjects.com/en_US/i/scr/pixel.gif
43 B
440 B
Image
General
Full URL
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
3329079
x-cache
HIT, HIT
status
200
surrorage-key
/en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr/pixel.gif /en_US/i/scr /en_US/i /en_US
content-length
43
x-served-by
cache-lax8638-LAX, cache-hhn4083-HHN
last-modified
Fri, 16 Aug 2019 04:57:34 GMT
server
Apache
x-timer
S1588061895.857815,VS0,VE0
strict-transport-security
max-age=31557600
content-type
image/gif
cache-control
max-age=3600
accept-ranges
bytes
x-cache-hits
1, 441345

Redirect headers

date
Tue, 28 Apr 2020 08:18:14 GMT
status
301
strict-transport-security
max-age=63072000
location
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id
b2a3312307e70
dc
slc-b-origin-www-1.paypal.com
content-length
0
email-decode.min.js
touhidshaikh.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
883 B
Script
General
Full URL
https://touhidshaikh.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
cf-request-id
0261768fa90000a87fe51fe200000001
last-modified
Tue, 21 Apr 2020 17:12:03 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5e9f2963-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
58af59f90c31a87f-CDG
expires
Thu, 30 Apr 2020 08:18:14 GMT
10931
www.hackthebox.eu/badge/
3 KB
2 KB
Script
General
Full URL
https://www.hackthebox.eu/badge/10931
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c913e77ada5c0342c7ed5fbe894707d0048c96bfc48798ef19f79bbc7008229d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
status
200
x-xss-protection
1; mode=block
cache-control
no-cache, private
strict-transport-security
max-age=0; includeSubDomains
cf-ray
58af59f938d89796-FRA
vary
Accept-Encoding
cf-request-id
0261768fc7000097965fbc6200000001
88x31.png
licensebuttons.net/l/by-nc-sa/4.0/
Redirect Chain
  • https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png
  • https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png
2 KB
2 KB
Image
General
Full URL
https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:5d6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6e7e37f4fb2e36db706d30162e8fe537c0d809943f29a0674584b6e2d1a94c6

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
cf-cache-status
HIT
age
367
cf-polished
origSize=5460
status
200
content-length
1888
cf-request-id
026176906f000097a889103200000001
last-modified
Sat, 25 Jan 2014 10:15:49 GMT
server
cloudflare
etag
"1554-4f0c8c2319f40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
58af59fa4de497a8-FRA
cf-bgj
imgq:100

Redirect headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
43
status
301
vary
Accept-Encoding
cf-request-id
0261768ffd0000bf0a9e02b200000001
server
cloudflare
x-frame-options
deny
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000
content-type
text/html
location
https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png
x-xss-protection
1; mode=block
cache-control
max-age=432000
cf-ray
58af59f99b16bf0a-FRA
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=526047441&t=pageview&_s=1&dl=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ul=en-us&de=UTF-8&dt=Post%20Exploit%20Archive...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_gid=294796857.1588061895&gjid=888943234&_v=j81&z=1810104476
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476&slf_rd=1&random=4043072518
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476&slf_rd=1&random=4043072518
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-91398370-1&cid=1722527907.1588061895&jid=1793190100&_v=j81&z=1810104476&slf_rd=1&random=4043072518
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
production.min.js
touhidshaikh.com/blog/wp-content/themes/author/js/build/
7 KB
2 KB
Script
General
Full URL
https://touhidshaikh.com/blog/wp-content/themes/author/js/build/production.min.js?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2a876d21f7072cac8c0c8ac76a51ebe94045118973516125c6ff7cf63d1f27d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
83344
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sat, 07 Dec 2019 07:57:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1af4-5deb5b6c-2058551f1c3bcef6;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe51ff200000001
cf-ray
58af59f92c41a87f-CDG
expires
Mon, 04 May 2020 09:09:10 GMT
general.js
touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/social_login/
1 KB
758 B
Script
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/social_login/general.js?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdbc00de393216f6118f704088accc9ebddd220480741d5ed088c01f46f84088
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
57532
status
200
cf-bgj
minify
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 12 Apr 2020 20:30:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"599-5e937a72-e3ad8389c7fe961b;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5200200000001
cf-ray
58af59f92c42a87f-CDG
expires
Mon, 04 May 2020 16:19:22 GMT
sdk.js
touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/facebook/
2 KB
762 B
Script
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/facebook/sdk.js?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
369b04a6dee7782623409c2a533c059b632cf6c045ee10c6b6247723c8a713d1
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
57532
status
200
cf-bgj
minify
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 12 Apr 2020 20:30:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"7a5-5e937a72-3c33d5f79bbf59b;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5201200000001
cf-ray
58af59f92c44a87f-CDG
expires
Mon, 04 May 2020 16:19:22 GMT
commenting.js
touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/facebook/
5 KB
2 KB
Script
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/facebook/commenting.js?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
420d5c7ee5a3e7582b7ed91343962411712a183d42a69395c4bc1fe378699f07
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
57532
status
200
cf-bgj
minify
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 12 Apr 2020 20:30:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"153d-5e937a72-6d6c5dcdcff6b767;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5202200000001
cf-ray
58af59f92c45a87f-CDG
expires
Mon, 04 May 2020 16:19:22 GMT
sharing.js
touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/sharing/
39 KB
10 KB
Script
General
Full URL
https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/sharing/sharing.js?ver=7.12.41
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee22f3f3f7bbee39d23219d794b63754cd8b4d0df75efefd98fe050217f0747
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
83344
cf-polished
origSize=45311
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
expires
Mon, 04 May 2020 09:09:10 GMT
last-modified
Sun, 12 Apr 2020 20:30:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"b0ff-5e937a72-160c221632df1650;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5203200000001
cf-ray
58af59f92c46a87f-CDG
cf-bgj
minify
wp-embed.min.js
touhidshaikh.com/blog/wp-includes/js/
1 KB
840 B
Script
General
Full URL
https://touhidshaikh.com/blog/wp-includes/js/wp-embed.min.js?ver=5.4
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
435012
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 01 Apr 2020 12:33:05 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"59a-5e848a01-5fd09b3b2fdb8c8e;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fbd0000a87fe5204200000001
cf-ray
58af59f92c48a87f-CDG
expires
Thu, 30 Apr 2020 07:28:02 GMT
integrator.js
adservice.google.de/adsid/
109 B
323 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=touhidshaikh.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
323 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=touhidshaikh.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/
217 KB
82 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
10c5d5f3604e41a3bfd96d93a912ef289f144b46626e78739d1fa0056e9bc7e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
83646
x-xss-protection
0
server
cafe
etag
12079654059530296339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 28 Apr 2020 08:18:14 GMT
62f9f866b9733371b38b5c9959574458
secure.gravatar.com/avatar/
3 KB
4 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/62f9f866b9733371b38b5c9959574458?s=96&d=mm&r=g
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d20304a212ca8e58218a91b0b1883ee9de0903287570b599b5183db0cfbc70f9

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc
MISS lb9.dfw.gravatar.com, BYPASS ams 4
date
Tue, 28 Apr 2020 08:18:14 GMT
last-modified
Wed, 10 Jul 2019 16:48:09 GMT
server
nginx
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="62f9f866b9733371b38b5c9959574458.jpeg"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/62f9f866b9733371b38b5c9959574458?s=96&d=mm&r=g>; rel="canonical"
content-length
3440
expires
Tue, 28 Apr 2020 08:23:14 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Rokkitt%3A400%2C700%7CLato%3A400%2C700&subset=latin%2Clatin-ext&ver=5.4
Origin
https://touhidshaikh.com

Response headers

date
Thu, 23 Apr 2020 17:39:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
398337
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14044
x-xss-protection
0
expires
Fri, 23 Apr 2021 17:39:17 GMT
qFdE35qfgYFjGy5hkEaCdvTIyh8.woff2
fonts.gstatic.com/s/rokkitt/v18/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rokkitt/v18/qFdE35qfgYFjGy5hkEaCdvTIyh8.woff2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e0b38121479d09e0ad91699be2353dc39fc96fc9fea893a9db45c614b26ceed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Rokkitt%3A400%2C700%7CLato%3A400%2C700&subset=latin%2Clatin-ext&ver=5.4
Origin
https://touhidshaikh.com

Response headers

date
Tue, 14 Apr 2020 10:46:06 GMT
x-content-type-options
nosniff
last-modified
Tue, 04 Feb 2020 23:30:32 GMT
server
sffe
age
1200728
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
25884
x-xss-protection
0
expires
Wed, 14 Apr 2021 10:46:06 GMT
fa-brands-400.woff2
touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/webfonts/
74 KB
74 KB
Font
General
Full URL
https://touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.45.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3caf12591d194712facd10bca14f0a924edb59c24447a3fd994a48286db8843
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/css/all.min.css?ver=5.4
Origin
https://touhidshaikh.com

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
341676
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
75336
x-xss-protection
1; mode=block
last-modified
Sat, 07 Dec 2019 07:57:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"12648-5deb5b6c-3e2be8534b0a493;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fc20000a87fe5206200000001
accept-ranges
bytes
cf-ray
58af59f93c4ea87f-CDG
expires
Fri, 01 May 2020 09:23:37 GMT
fa-solid-900.woff2
touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/webfonts/
74 KB
74 KB
Font
General
Full URL
https://touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.18.45.166, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/wp-content/themes/author/assets/font-awesome/css/all.min.css?ver=5.4
Origin
https://touhidshaikh.com

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
341676
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
75728
x-xss-protection
1; mode=block
last-modified
Sat, 07 Dec 2019 07:57:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"127d0-5deb5b6c-9265a34a3778ce21;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-request-id
0261768fc20000a87fe5207200000001
accept-ranges
bytes
cf-ray
58af59f93c4fa87f-CDG
expires
Fri, 01 May 2020 09:23:37 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200423/r20190131/ Frame 65C6
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200423/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:800::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200423/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://touhidshaikh.com/blog/category/post-exploit/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Fri, 24 Apr 2020 08:37:31 GMT
expires
Fri, 08 May 2020 08:37:31 GMT
content-type
text/html; charset=UTF-8
etag
4094386822458569044
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4444
x-xss-protection
0
cache-control
public, max-age=1209600
age
344443
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame B38C
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1066095879582960&output=html&adk=2909133762&adf=3878871716&lmt=1588061894&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588061894531&bpp=60&bdt=65&idt=141&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7850786219755&frm=20&pv=2&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=1&iag=0&icsg=143276&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=156
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:800::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1066095879582960&output=html&adk=2909133762&adf=3878871716&lmt=1588061894&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588061894531&bpp=60&bdt=65&idt=141&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7850786219755&frm=20&pv=2&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=1&iag=0&icsg=143276&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=156
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://touhidshaikh.com/blog/category/post-exploit/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 28 Apr 2020 08:18:15 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Tue, 28-Apr-2020 08:33:15 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Tue, 28 Apr 2020 08:18:15 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81e::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
51c56935854bed13b06e04dd8a756cb635edca2f98d1f55b3608ecc200162426
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587986955147099"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28343
x-xss-protection
0
expires
Tue, 28 Apr 2020 08:18:14 GMT
62f9f866b9733371b38b5c9959574458_thumb.png
www.hackthebox.eu/storage/avatars/
1 KB
2 KB
Image
General
Full URL
https://www.hackthebox.eu/storage/avatars/62f9f866b9733371b38b5c9959574458_thumb.png
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::6814:3744, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
b4275b40c7fad7d729ef4aa788639da2bc9ad7ce69f4bf0caa930edd83e04749
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
cf-polished
origFmt=png, origSize=2724
status
200
content-disposition
inline; filename="62f9f866b9733371b38b5c9959574458_thumb.webp"
vary
Accept
content-length
1350
x-xss-protection
1; mode=block
last-modified
Mon, 26 Mar 2018 03:53:43 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5ab86ec7-aa4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
cache-control
max-age=7200
cf-request-id
02617690ca000097965fbda200000001
accept-ranges
bytes
cf-ray
58af59fada5f9796-FRA
cf-bgj
imgq:100,h2pri
screenshot.png
www.hackthebox.eu/images/
224 B
381 B
Image
General
Full URL
https://www.hackthebox.eu/images/screenshot.png
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::6814:3744, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
485a3f581f6306bbd4effcfe101c7108df5f7bd5326ad4fdc60f99d7d223ae51
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
5273
cf-polished
origFmt=png, origSize=560
status
200
content-disposition
inline; filename="screenshot.webp"
vary
Accept
content-length
224
x-xss-protection
1; mode=block
last-modified
Mon, 27 Apr 2020 11:58:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5ea6c8f4-230"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
cache-control
max-age=7200
cf-request-id
02617690ca000097965fbdb200000001
accept-ranges
bytes
cf-ray
58af59fada629796-FRA
cf-bgj
imgq:100,h2pri
star.png
www.hackthebox.eu/images/
228 B
464 B
Image
General
Full URL
https://www.hackthebox.eu/images/star.png
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/category/post-exploit/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::6814:3744, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
45733fb67f0701d8ff08a1f22af1f2e763b5c1535b3b494af3b5faa836bce40a
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
7099
cf-polished
origFmt=png, origSize=577
status
200
content-disposition
inline; filename="star.webp"
vary
Accept
content-length
228
x-xss-protection
1; mode=block
last-modified
Mon, 27 Apr 2020 11:58:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5ea6c8f4-241"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
cache-control
max-age=7200
cf-request-id
02617690ca000097965fbdc200000001
accept-ranges
bytes
cf-ray
58af59fada639796-FRA
cf-bgj
imgq:100,h2pri
icon20.png
www.hackthebox.eu/images/
378 B
530 B
Image
General
Full URL
https://www.hackthebox.eu/images/icon20.png
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:10::6814:3744, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
e1743dc9660dd45f600e7877592a196178abb9074eb2c334168f4e85855cde0d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:14 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
7099
cf-polished
origFmt=png, origSize=699
status
200
content-disposition
inline; filename="icon20.webp"
vary
Accept
content-length
378
x-xss-protection
1; mode=block
last-modified
Mon, 27 Apr 2020 11:58:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5ea6c8f4-2bb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
cache-control
max-age=7200
cf-request-id
02617690ce000097965fbdd200000001
accept-ranges
bytes
cf-ray
58af59faea689796-FRA
cf-bgj
imgq:100,h2pri
ViZhet7Ak-LRXZMXzuAfkY4P5ICox8Kq3LLUNMylGO4.woff2
fonts.gstatic.com/s/ubuntumono/v6/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ubuntumono/v6/ViZhet7Ak-LRXZMXzuAfkY4P5ICox8Kq3LLUNMylGO4.woff2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81e::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
6d214f2eadb7711ef840eec466e653d7708b22688aff30a8e9f2473493cbdd39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/
Origin
https://touhidshaikh.com

Response headers

date
Fri, 10 Apr 2020 06:53:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Aug 2014 15:21:35 GMT
server
sffe
age
1560299
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
23120
x-xss-protection
0
expires
Sat, 10 Apr 2021 06:53:15 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0C6A
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1066095879582960&output=html&h=600&slotname=4182335781&adk=291855507&adf=2150353423&w=257&fwrn=4&fwrnh=100&lmt=1588061894&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=257x600&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1588061894856&bpp=14&bdt=390&idt=15&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7850786219755&frm=20&pv=1&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=0&iag=0&icsg=2670258&dssz=23&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=120&ady=860&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=po0ADKt23F&p=https%3A//touhidshaikh.com&dtd=22
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:800::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1066095879582960&output=html&h=600&slotname=4182335781&adk=291855507&adf=2150353423&w=257&fwrn=4&fwrnh=100&lmt=1588061894&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=257x600&url=https%3A%2F%2Ftouhidshaikh.com%2Fblog%2Fcategory%2Fpost-exploit%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1588061894856&bpp=14&bdt=390&idt=15&shv=r20200423&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7850786219755&frm=20&pv=1&ga_vid=1722527907.1588061895&ga_sid=1588061895&ga_hid=526047441&ga_fc=0&iag=0&icsg=2670258&dssz=23&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=120&ady=860&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065473%2C21065475&oid=3&pvsid=3645953037750951&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=po0ADKt23F&p=https%3A//touhidshaikh.com&dtd=22
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://touhidshaikh.com/blog/category/post-exploit/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 28 Apr 2020 08:18:15 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Tue, 28-Apr-2020 08:33:15 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Tue, 28 Apr 2020 08:18:15 GMT
cache-control
private
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: touhidshaikh.com
URL: https://touhidshaikh.com/blog/wp-content/plugins/super-socializer/js/front/facebook/sdk.js?ver=7.12.41
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK, US)
Reverse DNS
Software
Resource Hash
db9583d7ec1497ad3830b16755a7dd40d1c8bc049417c3a86d7d96518252e58b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
DiXiJ+0k8p6/uxUOXXyJsQ==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
1779
etag
"1d0e812fe5513c93768b32a079076032"
x-fb-debug
n/7fuH9N1wwfS68S/1qzPMOHOFnMyMHm3MmT6bw2rDOGv9U+XH2oiauAIC4xC5KtwXPBfu3gwjrkPKM1atH4XA==
x-fb-trip-id
1850256238
x-fb-content-md5
7172c17af92de2f45f66b7d87edc2a60
x-frame-options
DENY
date
Tue, 28 Apr 2020 08:18:14 GMT, Tue, 28 Apr 2020 08:18:14 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 28 Apr 2020 08:19:25 GMT
sdk.js
connect.facebook.net/en_US/
394 KB
115 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=0680abab9d055a76e9518c197754d0ae&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK, US)
Reverse DNS
Software
Resource Hash
e382bd6f6963a2865b8028a1851508e029ba896de22a5375b22ef39a90530f84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/
Origin
https://touhidshaikh.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
f5VdM3ADQKdwrdgfXB2hLQ==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
116982
etag
"0d7cf16f8e1f15c2578ae10093af63d5"
x-fb-debug
iZmVUh9dCXgj6C/bJ0oHfaLBl+p40s+6ljGyT4jV8aT5BjvmlgIL70LJV93EdnoneCgvzerOzkB2Ttz8BO4cXw==
x-fb-trip-id
1850256238
x-fb-content-md5
26413bdbbb7bc1fbbf72c195495480b3
x-frame-options
DENY
date
Tue, 28 Apr 2020 08:18:15 GMT, Tue, 28 Apr 2020 08:18:15 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Wed, 28 Apr 2021 08:00:26 GMT
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200423&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81e::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe
Resource Hash
578b2fea7c2fb2f8e4bd8aa75ba61e23b73adb41a769eff58fd3e23b1d7697bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Apr 2020 08:18:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5495
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200423/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:815::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 08:18:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Tue, 28 Apr 2020 08:18:15 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame CD0D
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:815::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://touhidshaikh.com/blog/category/post-exploit/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://touhidshaikh.com/blog/category/post-exploit/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Tue, 28 Apr 2020 07:50:52 GMT
expires
Wed, 28 Apr 2021 07:50:52 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1643
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/
0
123 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200423&jk=3645953037750951&bg=!pKelp79YCNi7zqgF3e4CAAAALlIAAAAMmQF4Uz6Es9rAnfYo4daMtWshCetmZfiHNjMmuaRJ8EMYJ2r60YgIYRr9bkbKwoRghd5DE2Y24_jtXcElrQi-lWrHAjkGrc_KeC0chSVCH4e1E34pbYlIZ17xpmvi2pqJbJvjs1PcECrB3RVZWxEnDhJZjW_TLSCN-0pBL2L1N7jnb88Z2uK4-gk4pnVH0Z-h6OWIZ8Hh0U3wjqWCbRkJxdqfcSYvMIND7cqa8nwyIltQYRvr5UKAtV3cNYadwafGwwEl5NytQMGUAY_kF63UpbNK5iapgUnZleP0KV0udcefvXQ5bQ-Agv1QjsGsp13ZGQ1gbIiShTPJYhvaIFRJ41qhoQeMTfHezfcfsaVb9BMNdT4KDU_srtth61mehSuZLHXepC_vukvHWnZvGKeHFST5KkF08MzBFNxgcpxxNV8_DKIHgAzjoIScLowElXzKddSUWwmYs4KNpky1C8-mcg0PPY-OEBmY__G9ZYsGFbOqXTyZc3XYFXWktA
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81e::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://touhidshaikh.com/blog/category/post-exploit/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 08:18:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


5 Cookies

Domain/Path          Name          Value
.touhidshaikh.com/   _gat          1
.touhidshaikh.com/   _gid          GA1.2.294796857.1588061895
.doubleclick.net/    test_cookie   CheckForPermission
.touhidshaikh.com/   _ga           GA1.2.1722527907.1588061895
.touhidshaikh.com/   __cfduid      d1990a5a98cb235e574953901da2905601588061893

1 Console Messages

Source: console-api
Level: log
URL: https://touhidshaikh.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 (Line 2)
Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
