www.mdsec.co.uk Open in urlscan Pro
104.26.3.136 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Effective URL:
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Submission: On September 15 via manual (September 15th 2022, 7:50:40 pm UTC) from CA — Scanned from CA

Summary HTTP 72 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 6 domains to perform 72 HTTP transactions. The main IP is 104.26.3.136, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.mdsec.co.uk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 18th 2022. Valid for: a year.

This is the only time www.mdsec.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 44	104.26.3.136 104.26.3.136	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:141b:13:... 2600:141b:13::17d7:82eb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:141b:900... 2600:141b:9000::1725:7ba0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2607:f8b0:400... 2607:f8b0:4006:821::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
72	8

44 104.26.3.136 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mdsec.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:141b:13::17d7:82eb (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:9000::1725:7ba0 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:821::2004 (Rockville, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2008 (Rockville, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81f::200e (Rockville, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:824::2003 (Rockville, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:809::2003 (Rockville, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	mdsec.co.uk 1 redirects www.mdsec.co.uk	456 KB
15	gstatic.com www.gstatic.com fonts.gstatic.com	601 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2	78 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 430 p.typekit.net — Cisco Umbrella Rank: 577	71 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	42 KB
72	6

	Domain	Requested by
44	www.mdsec.co.uk	1 redirects www.mdsec.co.uk
10	www.gstatic.com	www.google.com www.gstatic.com
6	www.google.com	www.mdsec.co.uk www.gstatic.com www.google.com
5	fonts.gstatic.com	www.google.com
4	use.typekit.net	www.mdsec.co.uk use.typekit.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	www.googletagmanager.com	www.mdsec.co.uk
1	p.typekit.net	use.typekit.net
72	8

This site contains links to these domains. Also see Links.

Domain
netmarketshare.com
scotthelme.co.uk
boringssl.googlesource.com
blog.dylan.codes
github.com
en.wikipedia.org
www.youtube.com
twitter.com
chromium.googlesource.com
account.google.com
cobaltstrike.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-18` - `2023-05-18`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Frame ID: 559A9E3A1C070892567EA741315FDEF5
Requests: 53 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw&co=aHR0cHM6Ly93d3cubWRzZWMuY28udWs6NDQz&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&theme=light&size=invisible&cb=xvfydeuspnly
Frame ID: C36A5FF1D5B709AEB9449616F2E6E4D4
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw
Frame ID: 1656EB4E160C78220F1300436139DEC4
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Breaking The Browser - A tale of IPC, credentials and backdoors - MDSec

Page URL History Show full URLs

http://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/ HTTP 301
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

72
Requests

100 %
HTTPS

88 %
IPv6

6
Domains

8
Subdomains

8
IPs

1
Countries

1268 kB
Transfer

2821 kB
Size

5
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://netmarketshare.com/?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222020-01%22%2C%22dateEnd%22%3A%222020-12%22%2C%22plotKeys%22%3A%5B%7B%22browser%22%3A%22Chrome%22%7D%2C%7B%22browser%22%3A%22Edge%22%7D%2C%7B%22browser%22%3A%22Firefox%22%7D%2C%7B%22browser%22%3A%22Internet%20Explorer%22%7D%2C%7B%22browser%22%3A%22Safari%22%7D%5D%2C%22segments%22%3A%22-1000%22%7D
Title: nearly a 70%

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/alexa-top-1-million-analysis-august-2018/
Title: the sites we want to steal data from

Search URL Search Domain Scan URL

URL: https://boringssl.googlesource.com/boringssl
Title: BoringSSL

Search URL Search Domain Scan URL

URL: https://blog.dylan.codes/pwning-windows-event-logging/
Title: past blog

Search URL Search Domain Scan URL

URL: https://github.com/bats3c/ChromeTools/blob/main/sslsteal/dllmain.cpp
Title: some code

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/QUIC
Title: QUIC

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=39yPeiY808w
Title: this talk

Search URL Search Domain Scan URL

URL: https://twitter.com/NedWilliamson
Title: @NedWilliamson

Search URL Search Domain Scan URL

URL: https://github.com/tomer8007/chromium-ipc-sniffer
Title: chromium-ipc-sniffer

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/src/+/master/mojo/README.md
Title: Mojo

Search URL Search Domain Scan URL

URL: https://github.com/bats3c/ChromeTools/blob/main/chrometap/wiretap/dllmain.cpp
Title: here

Search URL Search Domain Scan URL

URL: https://account.google.com/
Title: https://account.google.com/

Search URL Search Domain Scan URL

URL: https://github.com/jibsen/tinf
Title: this

Search URL Search Domain Scan URL

URL: https://blog.dylan.codes/defending-your-malware/
Title: to use syscalls

Search URL Search Domain Scan URL

URL: https://blog.dylan.codes/
Title: my blog

Search URL Search Domain Scan URL

URL: https://github.com/monoxgas/sRDI
Title: sRDI

Search URL Search Domain Scan URL

URL: https://cobaltstrike.com/help-beacon-object-files
Title: beacon object files

Search URL Search Domain Scan URL

URL: https://twitter.com/Cneelis
Title: @Cneelis

Search URL Search Domain Scan URL

URL: https://github.com/outflanknl/InlineWhispers
Title: InlineWhispers

Search URL Search Domain Scan URL

URL: https://twitter.com/_batsec_
Title: @_batsec_

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/ HTTP 301
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

72 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Redirect Chain

http://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/

78 KB
23 KB

1232ms
1191ms

Document
text/html

104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 66b5ab3e1b66bf24129603095a33218c7c9b7c43a7a15a6f7068d14f6127dca5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-edge-cache: cache,platform=wordpress
cf-ray: 74b3e45cc8e954a9-YYZ
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 15 Sep 2022 19:50:34 GMT
link: <https://www.mdsec.co.uk/wp-json/>; rel="https://api.w.org/", <https://www.mdsec.co.uk/wp-json/wp/v2/posts/2538>; rel="alternate"; type="application/json", <https://www.mdsec.co.uk/?p=2538>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lCVtbmIM36Lp%2BnbSiFLT1p9kaTPlXsSGtX5Klen%2FqJPKFlWNluzM54jgj73RGiIi0khMylI2vK%2FopAHP3SR7jNdhSwYpnXU%2BGnYic2R4%2Bb0BIoJY61Y55R5PqJg%2B9M5o7A%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.2.34

Redirect headers

CF-RAY: 74b3e45c5ffa53e9-YYZ
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 15 Sep 2022 19:50:33 GMT
Expires: Thu, 15 Sep 2022 20:50:33 GMT
Location: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wsl3EGvPZ%2FogcJkZr1T9SvwewNfksoe%2FmUIQ0ukADWjAxG8iCVdGQ0ul3b0f8XyzcKmFK0UHhVczQr9Fd9A32M%2BruVFu5dk4DzLcIn4xN045JK8SUtx%2FK7%2FLyp67VofcEA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 icv6vdt.css
use.typekit.net/ 4 KB
1004 B 170ms
92ms Stylesheet
text/css 2600:141b:13::17d7:82eb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/icv6vdt.css

Requested by

Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:82eb New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

cae3ed47c98e8d9214647b687fbba2690dca19d9da6294578b82251a6d9cd17f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 15 Sep 2022 19:50:35 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 772

GET
H2 200 style.min.css
www.mdsec.co.uk/wp-includes/css/dist/block-library/ 87 KB
12 KB 138ms
137ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-includes/css/dist/block-library/style.min.css?ver=86ed51486e42e085c6981862511ac933
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Jul 2022 20:46:43 GMT
server: cloudflare
etag: W/"15b64-5e3a1c422abae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzw0oJi4gM9FVSNCMdodMvALKhcmlo0AlTD%2FNRIAZswZo8jnGwL8PFFjLjhy9fv%2FQtBm0j%2F3nwDsXHIPvdgShzWsX26lfBx7buQ%2B9nIU1XSIWPhBePVQvDrV6dHEuPSKUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464bb8854a9-YYZ

GET
H2 200 style.css
www.mdsec.co.uk/wp-content/plugins/taxonomy-images/css/ 385 B
490 B 141ms
137ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/taxonomy-images/css/style.css?ver=0.9.6
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1d854df9d02c9b5d4e269e42d4df0c88cd2bac36f69bfdd46e414605ed43348

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 27 Jun 2020 19:10:21 GMT
server: cloudflare
etag: W/"1bf-5a91593bdf51f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=329kPrFKz4HB4qUcpHOL3diBRQqrSZ6sJAY23IbCBWDjShlhoURiZ9gYEwB5RrhCM0LbbfyObKgPaDHxX5tHoRZSxDT0V1moZt0%2FSkkftbGs%2FkbICoiFAugPtqS6gbL%2F4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464bb8e54a9-YYZ
cf-polished: origSize=447
cf-bgj: minify

GET
H2 200 frontend.min.css
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/css/ 97 KB
15 KB 143ms
138ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.4
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f5e9e83ad407689dddf4694f0a45ec08a3baf6bf8c529b6fb4b37cecffe9fbe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"185bf-5e82b5ed6630a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68IZcu%2Fmd%2F7HcxELxMWpcw9mBoVEjoCnrfyTgWtS4Bl2akq4TSSdoGaQfxenfzxVPjIwzk%2F2y9kNqPU7gDOGgOWAgh3KvFawGcfYKvzuydS6LrqbAXEG6485uAyvYv9l%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9754a9-YYZ

GET
H2 200 flatpickr.min.css
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 14 KB
3 KB 161ms
157ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.4
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"3601-5e82b5ed6630a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cfMA2bKQql9PTyqHCLdUs8MEUosb9lfXrx1aH5johOkEwqOby%2FFvKzonhS7NAaN2%2BNeiIU4NoqeTzTDP5JulEHAOVGDjDPUt8aYl%2B1VzGsqHPSF%2BbX0ixh7lJAmAghhrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9854a9-YYZ

GET
H2 200 select2.min.css
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 134ms
130ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=86ed51486e42e085c6981862511ac933
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"3a75-5e82b5ed6a18a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtpTIdv6Xx6nY9OMh8g78MAFsPhnDW830aA8p1l02cUjXLAQY6oh%2FnKvXFGaigMbVx1dgPrHWgLB9KoxtPFHjtpwHXtS6IQaHwJG3YUZzYgA4ZSpiYkExlZonZE9Qqocwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9954a9-YYZ

GET
H2 200 style.css
www.mdsec.co.uk/wp-content/themes/mdsec/css/ 107 KB
13 KB 140ms
136ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 013819d7b7a0fdd92a0e5d867f96eb71a30762b765158334b0b8fee446e56782

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Sep 2021 13:17:20 GMT
server: cloudflare
etag: W/"217d7-5cc1ca270fddd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfFObKNQt5j8WkE0ihw4S%2F%2FaSR2Gs2FendFD%2FXZMUkzhRGReJ7tZDn48kcH8euHj0tV7bZnC3f51BayrLxiDZCPX%2FGcwOd2enhSJw1GYx4m%2FXx5f%2BYH%2BSgjVB63oiGd9PA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9a54a9-YYZ
cf-polished: origSize=137175
cf-bgj: minify

GET
H2 200 solarized_dark.css
www.mdsec.co.uk/wp-content/themes/mdsec/css/ 3 KB
1 KB 135ms
131ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/solarized_dark.css?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a17c9f956c273c76bbf16f276bd91e57f52291baf9c275c90242e48bd755225f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"10ab-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMwzjlPic3nzAgvx2LgOGEyQfbsBFrTHVJYDbPb26KTXkkTRi9S6oaaa8PSvvF7h18Fd82QxQ%2BCxYbQxT5yhF6ya%2FdzW5kiBO%2FNtAVnvapUi5AsoM%2BtTjlcUyc73h4PBvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9c54a9-YYZ
cf-polished: origSize=4267
cf-bgj: minify

GET
H2 200 flickity.min.css
www.mdsec.co.uk/wp-content/themes/mdsec/css/ 2 KB
909 B 138ms
134ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/flickity.min.css?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20a22e2a0610fa88287f0f8a033e1f8c5fb3abb7f0a0d527115b6ce3dde328a1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"705-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKIw0mJDKd%2Bfgk%2BpxSQabHdKMTY1KTxdLdq503AJed52LwzV6UptuQerZzEnIG7lcGcnKbuOvpKh84ekXRDOwzdjn1Dj7yQ68QAHZ7rTEU61sR%2Ff76DismZ4N46yc6KVlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9d54a9-YYZ

GET
H2 200 hamburgers.css
www.mdsec.co.uk/wp-content/themes/mdsec/css/ 2 KB
827 B 136ms
132ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/hamburgers.css?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3fc0b31022856f1cfdf6fa4833faff7f7388ca32d0bccb5affc71760cfdf0ec

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"75a-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUCoeTs%2FAyuGHU%2F4ptSptVBA34DklLJ4nPbWDs2idaU3UHVWLQWaV97W0csAM%2BkUrhaODjz3Lu4weEZHk5SAdiaL6qR4iv7%2BFJObRj%2Bdl8EDQIe4lwmEGp8pl2SPV39KSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9e54a9-YYZ
cf-polished: origSize=1882
cf-bgj: minify

GET
H2 200 font-awesome.min.css
www.mdsec.co.uk/wp-content/themes/mdsec/css/ 30 KB
7 KB 136ms
133ms Stylesheet
text/css 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/font-awesome.min.css?ver=86ed51486e42e085c6981862511ac933
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 17 May 2018 09:19:12 GMT
server: cloudflare
etag: W/"7918-56c6354186400"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4V2vRvUD%2FCCka9GRR2uMjw7mA1ZzPgfKoNK8ZA2otpkcBBdvvNfhw%2F6znKM%2BZZeItjBaeqjjU2QdDxIO2EdRPwP6sdTgqkiQQfGNJN1BcopEdusnpWwW1hyBPiMiLsfqGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464cb9f54a9-YYZ

GET
H2 200 icon-adversary.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/ 1 KB
958 B 142ms
139ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/icon-adversary.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6be5fd788129e04855a57c5ba54a1a991d0f63671df6b8e2bec2938354f226a1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"58c-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D9fht%2BOgTxmJMhkD3v5ox1RlbGuPC1ysO59jE%2FOFZupNfdLHTc%2BjabZvWuZIm3SLdkcxXdc5Qcd3oObQvmonE%2FvbOjr5fuTjtOYyWqNahMfEjHxEs0lA8D7jagUzEo6J7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464dbae54a9-YYZ

GET
H2 200 icon-application-security.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/ 1 KB
850 B 141ms
138ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/icon-application-security.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44362f7dd6a3d253f5046f3595ba95df1db22d0f26dd39afacd0916f620921c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"414-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9F4%2BGwi7qOQIp4Pi9EnIbGTwfhaLfiuT0%2FyXnZcBzsQPVW21gXroEdRdVFPhIlFVW4YEXXz0D3%2BJA7pe4IaoPciK2zZAvB52Jj4dKZrgllAuhWkJJ2FjWXTrkkRpET%2BqjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464dbb054a9-YYZ

GET
H2 200 icon-penetration-testing.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/ 1003 B
881 B 159ms
157ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/icon-penetration-testing.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6662863c1a235e81fbfb55faafa502d0e8b5b33dd62e782f6cac6df42ace9b0f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"3eb-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F58GW4A5VjnD%2FUrW38ono%2B91v%2B89UYNnn3FETI1spYtiO3IWoi0x1ixuuGKKRM8ER%2FBbQRbnti%2F8bM3qp8HThtLJsNkTBWpq%2B%2FZvMyY4kR7K2487neg6PP9eXdXll5Ephw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464dbb154a9-YYZ

GET
H2 200 icon-response.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/ 1 KB
964 B 135ms
134ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/icons/icon-response.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96d9b29b2a6d1cc397c0efdfa8bafdc220b090f765e4085fd74e18145de864fc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"457-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AoZLJeeUzcY4ZhtRAroSf78U3uZ43wLR%2BZPh3aL81LrY30Ujge2x3NT681q3Gf6rAql1QFrN8506si%2BWvtXKl1Oq6OsPO9s3IXrk29njr3MjasQm%2Fu9ERI1JoRAtdV%2FIIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e464dbb354a9-YYZ

GET
H2 200 chrome-multi-process-768x131.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 34 KB
34 KB 149ms
148ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/chrome-multi-process-768x131.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7ffbb239329c26e35510135c2d95d2efe46fd23e93c6382b012ec0174f10695

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 21:03:15 GMT
server: cloudflare
etag: "8988-5b8a63c15c7ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dH6Cheq44%2B7d2rliCUAvIZKuZoTGtOnG7LtnG%2FMZTYn5pdlUJRcMwV0cUek81zoS5Yi%2BhPfGN5G0ycl1O8J%2Bbz02bvtKee31AefE6UT4PidL8%2FsZ8F5yGgu7YO3KZSVoxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e464dbb454a9-YYZ
content-length: 34821
cf-polished: origSize=35208
cf-bgj: imgq:85,h2pri

GET
H2 200 mdsec-logo.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/ 2 KB
1 KB 134ms
131ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/mdsec-logo.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97db82777bfefb7151846ef3cb93a3bc2d5739eaf4035e7431ba6bf6b4a3ec53

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"9b6-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoBoEt7vC1YackYeQ9pJ9iQP7feFHTUsA%2FFTmU8D%2BFXU6kDevLMraiEKOuAfJ9ZI%2FZ2zDIQa99D1UI7mmLYLhJcKzc5q7GE6cEm8usWqJqrbZQQoJ5JoUk%2BoPeplgXRRWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4656c6454a9-YYZ

GET
H2 200 best.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 1 KB
2 KB 138ms
135ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/best.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49abddbaff51eae72fa78275c2607af206de069d9c383d2fd3e07df45d5989b7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "887-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzpHMlbg%2Fs20xkNgmReJnaEyi0JOyRrBc9zkkLCjyyaRYmjrw6bBkXQRodGYhQLS06LNbEUJVnV60ek98Ca%2F2%2Fq4bxYti6eWZ1mvyrN90Vk5AMJVA7JO1mIQW6XgDUwN%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c6854a9-YYZ
content-length: 1432
cf-polished: origSize=2183
cf-bgj: imgq:85,h2pri

GET
H2 200 check.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 2 KB
2 KB 133ms
130ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/check.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a834dbfee704111fe2fad38f37d89476b172e522e3a369b3099ef5835090b31

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "bbd-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZOJ3vQR6TavJfguU7ZnPFQZeGGNmSRLgUPFzoorUxalmRzv3J5Du57I8FxPRvQYThNu8rcKnWs6lXu2uwqAqgZbE1qOqzBwTxVzG07oxIPbV8JT2UUKMAvgeWe8d3CC5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c6b54a9-YYZ
content-length: 2014
cf-polished: origSize=3005
cf-bgj: imgq:85,h2pri

GET
H2 200 crest-star.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 2 KB
2 KB 143ms
140ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/crest-star.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b33a241177830aaa4985fdd60c9fd86721c5e0404e1f2e33543c56c72fb22596

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "c0e-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3DC8xRx6S0sXKFbqeY8T98FcSDwkmGKloLYOtOY88AC1G92afd%2Fn74fzBki%2BG6WtfYU8W5A6TYYiufLoPBjisJpuxh5j8YWQrh%2FUOnZNbVkanN8v6X7YAyob%2FrpE35HGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c6c54a9-YYZ
content-length: 2045
cf-polished: origSize=3086
cf-bgj: imgq:85,h2pri

GET
H2 200 crest.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 4 KB
5 KB 132ms
129ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/crest.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e5467e321f1c92494ca07fedb64bd86961ffe2f73e78aade3a79a4004b6d8be

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "23a5-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zqtwa6XxpEgP1VMhC6rhofdH%2B5uJHErmjUYVn77PGbEYUkxCV1mNSKWIMZeIwDl1p20yYgjcUFkJMQCH2VMxClP7gPBMQsi1CkzHecF8v4cA%2B8njlZWWzUMbIngdJjvMtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c6d54a9-YYZ
content-length: 4389
cf-polished: origSize=9125
cf-bgj: imgq:85,h2pri

GET
H2 200 cyber-essentials.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 4 KB
4 KB 140ms
137ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/cyber-essentials.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23b980d1f524beaf99d21ba3a8ba8090755c0798f0be1a67d2e7721ab71e63ec

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "1d02-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7X2e%2FnzAkh5EemvzhTfAcGp%2F%2F%2Fvn56wcH7IjlllKwn97NoKVqeGG1qzESbny839xHu7501DU1rqVynkWG52IwVIpknYmaO7gj2BUH1VrsmPYs8q%2BWvj%2Fm%2FZhbeglKRimzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c6e54a9-YYZ
content-length: 4042
cf-polished: origSize=7426
cf-bgj: imgq:85,h2pri

GET
H2 200 british-assessment-bureau.png
www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/ 4 KB
4 KB 134ms
131ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/logos/british-assessment-bureau.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02443bf6aacd5730af51edc4cde8456e1da7602a14ede9b4e566031d5221d0bc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "1911-5a9c1ce7c6317"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2F0Vstue1CHHFcfy07rC7kgylzqZsI8GnPqY0jLDftiIGRxqBBV9kswOH182yfkmEXiKHktleVwNyTt4aTjpjtBhlbl1UtgXF50VjFD8ZqLEw8lKwRc7%2BfjFvsFtP2TU5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4656c7054a9-YYZ
content-length: 4078
cf-polished: origSize=6417
cf-bgj: imgq:85,h2pri

GET
H2 200 rocket-loader.min.js Show response
www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 23ms
21ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Sep 2022 11:39:48 GMT
server: cloudflare
etag: W/"63230f04-302c"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOdjYRYXU04T2UKVRLmkPpZSpdexk3zUKaGJuZkKzU9JiR626ALyt0t8UiOle7tBPfZOqFY9Mi2n1Oq7MoAsQAeFlRDjXx6xBGxFWY2WE29Bkn7plVt8pH4tqV99oFmHYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4656c7154a9-YYZ
vary: Accept-Encoding
expires: Sat, 17 Sep 2022 19:50:35 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
195 B 325ms
18ms Stylesheet
text/css 2600:141b:9000::1725:7ba0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=icv6vdt&ht=tk&f=31374.31382.31416.31417&a=2802380&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/icv6vdt.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000::1725:7ba0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 15 Sep 2022 19:50:35 GMT
last-modified: Sat, 02 Oct 2021 08:25:28 GMT
server: nginx
etag: "61581778-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 jquery.marquee.min.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/ 6 KB
2 KB 142ms
140ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/jquery.marquee.min.js
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2278cada41d2bcc06dfa905b1e859133291c58dc7fb209a57f9f5d02c11a92e5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:45:49 GMT
server: cloudflare
etag: W/"1606-5a9c1e6c7f621"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sq6XQ%2BejYILftGcoFxXG52ru1NUNtKHKoXaFfC2E%2FspjK0nzsO%2BfdwHH761gMyi05Qdfq%2BdyRcnWOsS09%2FO03E9MKGmfeMO6BZwIK2pPfUw8zEPNd52%2F6c0k0ETpHDUpCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f4554a9-YYZ

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 907 B
991 B 94ms
42ms Script
text/javascript 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=frmRecaptcha&render=explicit&ver=3

Requested by

Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f6536bbfb33075bc0f728004e832533cbb3edc069044b78ed429ba63fb769c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 578
x-xss-protection: 1; mode=block
expires: Thu, 15 Sep 2022 19:50:35 GMT

GET
H2 200 frm.min.js Show response
www.mdsec.co.uk/wp-content/plugins/formidable/js/ 34 KB
10 KB 137ms
135ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/formidable/js/frm.min.js?ver=5.5
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b82d20340f79d1fa2e899444fac807e9ac3a28a6acedae896237a5b569b53545

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 15 Sep 2022 02:38:32 GMT
server: cloudflare
etag: W/"89c3-5e8ae24295a88"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lc7YK0k4PD9jzRB9PW6cqb0972oUXFS%2B5nS%2FdBlc2hOAzxjLdSL979%2BTxETIEIC1t9o3T7SxV6UhL%2BAEaF5YG6Y07ZY04%2B0qFQp0LIfMK%2FJvVZjmQ7hRdvwRwmzSYkUq4A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f4754a9-YYZ

GET
H2 200 modernizr.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/js/ 14 KB
6 KB 142ms
141ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/js/modernizr.js?ver=2.8.3
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4c3e90bcdf3537573f311c5698cdfa80baca9a2d06c0891a038515e464f9ffd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"39ca-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDpdFZEa6e1zNm2iolT9D5%2BQhrbIZsib7VB5Q0Bm3n4PbDbzdQoh1lRsvtpfIH0CTSzGJ1lEn8wgd43dNQLqXBbhaOXRy8VKgHAQtiodNtw6hrNXGjsYVQdwaRd80ouDSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f4854a9-YYZ
cf-polished: origSize=14794
cf-bgj: minify

GET
H2 200 jquery.matchHeight.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/js/ 5 KB
2 KB 141ms
140ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/js/jquery.matchHeight.js?ver=1.0.0
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0d466d27a562d7eba7d5ff6422c262de499bf9ba26c3406d52c1dbe19b28b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"2e02-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fdq38dGKrfvRiwnJSKWxMZocbrwy9HMBGmNGFi6h67GCktdLuDViyqOsxcsgjwzimsWDGUn3KnZtkLOVYtn2nwPaGr7PgTv4tTH2tVkoYqtrbTGuq7WtQwxxuP8LCbJl4A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5354a9-YYZ
cf-polished: origSize=11778
cf-bgj: minify

GET
H2 200 isotope.pkgd.min.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/js/ 35 KB
10 KB 182ms
181ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/js/isotope.pkgd.min.js?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ac1dec2ea676653dc33c1dc718636434357b352fd07d6bf9750c69250191abc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"8aaf-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zgyHm4uQ2nW0GIbiTRME7OqV03icEBBbKvMZQeJWlkxNY3I4FGM8yGB4Z1u9047MtzsJxSbeT%2FPBX5MdEJfK9ITb74AFb2niLFEmgxV0eiejdwAjr48Lq74lfbhXHoZc7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5554a9-YYZ

GET
H2 200 highlight.min.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/js/ 71 KB
29 KB 143ms
142ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/js/highlight.min.js?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50aeef74b417f88c04b45b2afa74a07214cad46167a729eca6f84d51baa246f6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:44:25 GMT
server: cloudflare
etag: W/"11d8a-5a9c1e1c6e0ed"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g31fFWJ6W5UI6EbLCACfJMgJYciDKv4eN1OnJDg%2B%2FJFVv%2BNV7OBxFJJ%2F63dJmrJ1%2FFeaF28v92x2UgTsU%2FX4fxCwsoevdIYsPS1AtJ9HJNIq3SWED0JIz9M8hIIRFyOEXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5654a9-YYZ

GET
H2 200 main.js Show response
www.mdsec.co.uk/wp-content/themes/mdsec/js/ 1 KB
850 B 151ms
150ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/js/main.js?ver=1
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6b4dbff2d0fd199b80431665e75354c98cdaed9c263ced5487fdc8062710851

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"784-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vgurel4bZTG30xHU2M2mQu0EKOPcqqwYvOF%2BIAP%2BT0r73A66%2B9lqjF6HDjOaEm5GNL9pBndTE7%2BIgBUjHfg%2Bjz6MQPCxN4IOtEW5A4OnMLJTPgL4FcOoyZuVo9jMCPGSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5854a9-YYZ
cf-polished: origSize=1924
cf-bgj: minify

GET
H2 200 frontend.min.js Show response
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/js/ 18 KB
4 KB 149ms
149ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.4
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9f426305c9ba18d2b7594d3328050da20fa9db95661bd0af22c99c3ef90b101

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"494e-5e82b5ed6a18a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aWpTZ879EQ6aghyNdPpNdugdHoWY4DX2XJc%2BlF3vymePxJFthm87pjyLlQQEWdV97iPChTg%2BbkLzIqfJDaDH31UuCDdj7EUROFJs639nC7Lyfb%2F46HOTZZlIRXF0ySn3HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5954a9-YYZ

GET
H2 200 select2.min.js Show response
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 146ms
146ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=86ed51486e42e085c6981862511ac933
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"114c3-5e82b5ed6a18a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBVxsJvTearoS0pasHSjFYjooDqVjylOGaCjL1iuZCzp9DuWGfrZu1Ui248PL0jg6x70LZSKZjV4a2coe77flVwhk42uLmwsQN1P6tAZZVFKlaiOhLoXlOo0ciHitNAi9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5e54a9-YYZ

GET
H2 200 flatpickr.min.js Show response
www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 49 KB
15 KB 133ms
133ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=86ed51486e42e085c6981862511ac933
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c2230e1348d437f591bf23a319992999e4869ab9aef142861ae206b05ec1be4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Sep 2022 14:37:35 GMT
server: cloudflare
etag: W/"c570-5e82b5ed6630a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPX9B8Tr%2BR8bldIUHBSEAqjad5kY%2Bgf2AoiXavtuQeZ8E7UXlbMyRIssM5gfbEHPeAS4hJUEFeCdDgoHaBnrjgyUGHjdTOllQ74MIoaBWMYdMhVaY8TeOR37IQwqknIbeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4677f5f54a9-YYZ

GET
H2 200 jquery.js Show response
www.mdsec.co.uk/wp-includes/js/jquery/ 141 KB
42 KB 169ms
169ms Script
application/javascript 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-includes/js/jquery/jquery.js?ver=1.11.0
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a26f948122b1fe863bae3e65f7a64893e6e29e8e760ac075654174f96171cdd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Sep 2021 07:40:29 GMT
server: cloudflare
etag: W/"46758-5cc03cff90986"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WWph7BZuq2gBEJYPdNy%2Fz4CrXj0WC4TGJ9HIiT%2Bvp7fXghggeGtq4Pr1D%2Fu0RZxAxXPCC5b7MHWO87vB5Z6vGOBYyyj4ur%2FXHv4zCVMlYfP0Y%2BJ6vLimRmpJG%2BiV2MQUaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4679f8254a9-YYZ
cf-polished: origSize=288600
cf-bgj: minify

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 141ms
92ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-67981177-1

Requested by

Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

15bc019039cf3721d8977f306a51dce3b3047dd7a7819707074f587b44c766da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42431
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 19:02:56 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Sep 2022 19:50:35 GMT

GET
H2 200 FabrikatMono-Regular.woff2
www.mdsec.co.uk/wp-content/themes/mdsec/fonts/ 15 KB
16 KB 173ms
172ms Font
application/octet-stream 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/fonts/FabrikatMono-Regular.woff2
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d8f2f8fd49dcb94cde58a0fed9c6bac0f8782e2d79ce44753a0b035a4e28236

Request headers

Referer: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "3d20-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYNBaM15NUti9N8RfJF6KvC7Np8ASpY68CPR0C%2FHKUryP99ZQ68s%2BH%2Bzk2YDtVXRPqp1VGvYMlIWPfLRPSoRN%2B7ELn3ck%2BGSak5%2Bo9B4zsyX7wESiBwioBXoLR0z%2FU%2Bv4A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4679f8754a9-YYZ
content-length: 15648

GET
H2 200 submit.svg
www.mdsec.co.uk/wp-content/themes/mdsec/img/ 557 B
635 B 153ms
152ms Image
image/svg+xml 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/img/submit.svg
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1b6b29514af75ee9f3efcc5fa2aa5afa9e6b6d9664dded2f96191cd9da60c09

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: W/"22d-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hgbVE8XzVrEnYe0kA6aARvlKuL7N7kTLloliIOldVooAYQvtLJPt7baCmYpHmvZl473ZsLzfB8Meww05u73PZjOcqKOqe3cqonwZtzWvu%2BU08EZ6FFVIXULbwzLpJUESmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74b3e4679f8954a9-YYZ

GET
H2 200 l
use.typekit.net/af/e67e40/00000000000000003b9ae907/27/ 22 KB
22 KB 88ms
35ms Font
application/font-woff2 2600:141b:13::17d7:82eb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e67e40/00000000000000003b9ae907/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/icv6vdt.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82eb New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d0347e75b294f69b5791adfbbde35ce933dbbb1a68dab216153a4b095b8e5ed9

Request headers

Referer: https://use.typekit.net/icv6vdt.css
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
server: nginx
etag: "8a9290aed587bb2b92455417d703978308e59ec4"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22528

GET
H2 200 l
use.typekit.net/af/a193b7/00000000000000003b9ae908/27/ 25 KB
26 KB 73ms
21ms Font
application/font-woff2 2600:141b:13::17d7:82eb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/a193b7/00000000000000003b9ae908/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/icv6vdt.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82eb New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b05b6b6c910c0f6630864ed0257f08ad711d6a479c2aa10dc5ce7824eebf3dfa

Request headers

Referer: https://use.typekit.net/icv6vdt.css
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
server: nginx
etag: "0c3eab7d8a84d39a893e5b78d01f244818b600b8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25960

GET
H2 200 l
use.typekit.net/af/e78554/00000000000000003b9ae8dd/27/ 22 KB
22 KB 71ms
19ms Font
application/font-woff2 2600:141b:13::17d7:82eb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e78554/00000000000000003b9ae8dd/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/icv6vdt.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82eb New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1a301206e89878539ecc0c54fb3434d1c742c8054a5d71bff999762523b10f42

Request headers

Referer: https://use.typekit.net/icv6vdt.css
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
server: nginx
etag: "55a625a429e319e8ccac824f701215611bb23c22"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22068

GET
H2 200 FabrikatMono-Medium.woff2
www.mdsec.co.uk/wp-content/themes/mdsec/fonts/ 15 KB
16 KB 141ms
141ms Font
application/octet-stream 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/fonts/FabrikatMono-Medium.woff2
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eef92e34ed6239dd09b29607a7029b11315337e3ce1a0c170b3e903f2e386c

Request headers

Referer: https://www.mdsec.co.uk/wp-content/themes/mdsec/css/style.css?ver=1.1.5
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Jul 2020 08:39:01 GMT
server: cloudflare
etag: "3d00-5a9c1ce7c72b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDdSqSrt%2B%2FktGW6boCmw6F5%2FaLbAnmfYSs%2Bad82u6igfj5p4s2L91xJDrlw5hgaZ5XOj6r6xNE2kjGa23ounEZg9Hw5jS%2BkMKLbSt8OC9xdppERRKzksDNle73nLeJ%2Frjw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e4679f8a54a9-YYZ
content-length: 15616

GET
H2 200 chrome-network-proc-768x130.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 29 KB
29 KB 132ms
131ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/chrome-network-proc-768x130.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90931fff790b11e065ea5d70ac6de525832e49278278dd2805299d4323f85423

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 21:19:57 GMT
server: cloudflare
etag: "73f0-5b8a677cf2b68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IL0aDp2%2BfAWKcE3vEM%2FOWkA3gRfbvBpps8OGTsfhtxMmXOPvu4Cct3Phat4DJbHftyxoHvA8xEBezNyA2nY1rFSQpe5nnJXj5UbC%2FNn0IN98yPDGA9WP7iq3TTB15uQI2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e467f80554a9-YYZ
content-length: 29511
cf-polished: origSize=29680
cf-bgj: imgq:85,h2pri

GET
H2 200 wsasend-xrefs-768x287.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 15 KB
15 KB 143ms
142ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/wsasend-xrefs-768x287.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0865744c0a9a34107e8c597c6a276f2d90bb356564bedc47937e26866e2b409c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 21:26:17 GMT
server: cloudflare
etag: "3cbe-5b8a68e789d13"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qg%2Fr56XJrYhAsVYooCty%2FJ%2FCmfb3fG4RV93qweAW3FB8YJPv26TZwT8p%2FNlD1MN4P7dkKwIsF2zSz35hhCuKKGjQbVnmcKOsMkD6VAdP94kBPHhC7wPBsh1a1PwDacJrJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e467f80754a9-YYZ
content-length: 15012
cf-polished: origSize=15550
cf-bgj: imgq:85,h2pri

GET
H2 200 sslwrite_code.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 28 KB
29 KB 146ms
145ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/sslwrite_code.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2af98db13f5bf45514ff01258232df46f5f61bdaf210a4fd5f217137b08226c3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 21:32:07 GMT
server: cloudflare
etag: "736f-5b8a6a351e544"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ca2MSwmogN4sxLvv5Xu9%2BPzMWM4jCeCzwRRmFIaUcckQuARjrsUripa54G%2FZXlyiwOlPPyZjXWnkcdCo%2FHPZuUIYscuE7q8B0GA8dpvJ%2FRBpxLqebr8v%2FclBH1FolHwe%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e467f80854a9-YYZ
content-length: 29138
cf-polished: origSize=29551
cf-bgj: imgq:85,h2pri

GET
H2 200 sslwrite-xrefs-768x283.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 14 KB
14 KB 127ms
126ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/sslwrite-xrefs-768x283.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c85a06b6b153a20bee68c444278de4d8cd478ea28bb904f42f3aaee2def88d09

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 21:44:14 GMT
server: cloudflare
etag: "3702-5b8a6ce9fc415"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNBFhg%2Bre7NuEqkdmmLOtud0j%2FxpoYLFHGftsRCnbA1dAwQc5CFFLBy9qcLipSMirIRES6jPGIOF9VNLhn4i%2FpEF2fKOaUfzyd3CpPir%2FCspvIuAUS5aQQfC77mqs6ZYfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e467f80a54a9-YYZ
content-length: 14070
cf-polished: origSize=14082
cf-bgj: imgq:85,h2pri

GET
H2 200 sslwrite_re.png
www.mdsec.co.uk/wp-content/uploads/2021/01/ 53 KB
53 KB 146ms
146ms Image
image/png 104.26.3.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2021/01/sslwrite_re.png
Requested by: Host: www.mdsec.co.uk
URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ad3e1520bc8572f081d3ae6e7b7e2f64ec89fd6d6353a2d646ee20444ccad24

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:35 GMT
cf-cache-status: HIT
last-modified: Tue, 12 Jan 2021 00:27:46 GMT
server: cloudflare
etag: "d29b-5b8a91777b84e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0e48u5Q3dd25FStLT03MV3hCKSK%2BKmaoKrWah5jV3wFQQZ2nI%2BWWR2d1PRJKIMNqE2gThYqyZQdNTAV4%2FnolLESR5Up%2FZh0rd%2FkMUqaaAzi617VqiVgesPRaprd8SvHaXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 74b3e467f80c54a9-YYZ
content-length: 53843
cf-polished: origSize=53915
cf-bgj: imgq:85,h2pri

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 102ms
55ms Script
text/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-67981177-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mdsec.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5103
date: Thu, 15 Sep 2022 18:25:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 15 Sep 2022 20:25:32 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/ 388 KB
155 KB 66ms
20ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=frmRecaptcha&render=explicit&ver=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94d48861ea4d1585e765d393147dafc3df44e3f33a2150b944bca4815cf9e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mdsec.co.uk/
Origin: https://www.mdsec.co.uk
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157726
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Sep 2023 19:45:45 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 33ms
32ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=675189387&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mdsec.co.uk%2F2021%2F01%2Fbreaking-the-browser-a-tale-of-ipc-credentials-and-backdoors%2F&ul=en-us&de=UTF-8&dt=Breaking%20The%20Browser%20-%20A%20tale%20of%20IPC%2C%20credentials%20and%20backdoors%20-%20MDSec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1485157049&gjid=956869011&cid=1327402761.1663271436&tid=UA-67981177-1&_gid=586681716.1663271436&_r=1&gtm=2ou9e0&z=1505279035

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mdsec.co.uk/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 19:50:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mdsec.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame C36A 43 KB
22 KB 144ms
97ms Document
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw&co=aHR0cHM6Ly93d3cubWRzZWMuY28udWs6NDQz&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&theme=light&size=invisible&cb=xvfydeuspnly

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1ea4fe17ee701a988c4ef2b9d72534585628ac1453b1be36cd0d3360477887f1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AIpYjOvlMA_7lKPGu1gKGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mdsec.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22720
content-security-policy: script-src 'report-sample' 'nonce-AIpYjOvlMA_7lKPGu1gKGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 19:50:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/ Frame C36A 52 KB
24 KB 88ms
46ms Stylesheet
text/css 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw&co=aHR0cHM6Ly93d3cubWRzZWMuY28udWs6NDQz&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&theme=light&size=invisible&cb=xvfydeuspnly

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Sep 2023 19:47:34 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/ Frame C36A 388 KB
154 KB 86ms
45ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94d48861ea4d1585e765d393147dafc3df44e3f33a2150b944bca4815cf9e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157726
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Sep 2023 19:45:45 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C36A 2 KB
2 KB 20ms
20ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:20:50 GMT
x-content-type-options: nosniff
age: 206986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 20 Sep 2022 10:20:50 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C36A 15 KB
16 KB 70ms
20ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 15:59:51 GMT
x-content-type-options: nosniff
age: 186645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 13 Sep 2023 15:59:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C36A 15 KB
15 KB 75ms
26ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 22:35:09 GMT
x-content-type-options: nosniff
age: 249327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 22:35:09 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame C36A 102 B
134 B 41ms
40ms Other
text/javascript 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d75bacb8a9f1c159d75122ccb63902a6e0f763d8cc12d9914d4839111bacce7d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw&co=aHR0cHM6Ly93d3cubWRzZWMuY28udWs6NDQz&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&theme=light&size=invisible&cb=xvfydeuspnly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 15 Sep 2022 19:50:36 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 1656 7 KB
1 KB 74ms
72ms Document
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0da6bc6c7ff25e38a11e857da732f735df8ca40ba0928a4a526f603692c70ef4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--ue3YQAd2a40EsfYXdzLcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mdsec.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1118
content-security-policy: script-src 'report-sample' 'nonce--ue3YQAd2a40EsfYXdzLcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 19:50:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/ Frame 1656 52 KB
24 KB 21ms
20ms Stylesheet
text/css 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Sep 2023 19:47:34 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/ Frame 1656 388 KB
154 KB 22ms
22ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94d48861ea4d1585e765d393147dafc3df44e3f33a2150b944bca4815cf9e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157726
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Sep 2023 19:45:45 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 1656 38 KB
23 KB 97ms
96ms XHR
application/json 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3b7ee6042ce80ceaf4f3a6b7f935c9e443bd02f447e862d92bffb59418cc6534

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Thu, 15 Sep 2022 19:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23388
x-xss-protection: 1; mode=block
expires: Thu, 15 Sep 2022 19:50:36 GMT

GET
H3 200 canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame 1656 11 KB
11 KB 21ms
21ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/canonical_car.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 19:42:18 GMT
x-content-type-options: nosniff
age: 518898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11174
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Fri, 16 Sep 2022 19:42:18 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 1656 600 B
624 B 23ms
20ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 11:25:58 GMT
x-content-type-options: nosniff
age: 203078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 20 Sep 2022 11:25:58 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 1656 530 B
554 B 24ms
22ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 01:09:05 GMT
x-content-type-options: nosniff
age: 499291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Sat, 17 Sep 2022 01:09:05 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 1656 665 B
689 B 23ms
21ms Image
image/png 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sat, 10 Sep 2022 16:25:16 GMT
x-content-type-options: nosniff
age: 444320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Sat, 17 Sep 2022 16:25:16 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1656 15 KB
15 KB 71ms
27ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 15:59:51 GMT
x-content-type-options: nosniff
age: 186645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 13 Sep 2023 15:59:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1656 15 KB
15 KB 77ms
34ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 09 Sep 2022 18:30:49 GMT
x-content-type-options: nosniff
age: 523187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Sep 2023 18:30:49 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1656 15 KB
15 KB 63ms
20ms Font
font/woff2 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 22:35:09 GMT
x-content-type-options: nosniff
age: 249327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 22:35:09 GMT

GET
H3 200 payload
www.google.com/recaptcha/api2/ Frame 1656 31 KB
31 KB 57ms
56ms Image
image/jpeg 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/api2/payload?p=06AIIukzjx4fE0cVftX6EqETT0uhGiLOS5fK_PkweyuswKA0-T9M8cINFT0e-9WW_W2zfBNCRh2Z7FHqFP-CO2Lb_34XJgKy7CGGnpohpmxNiLfvSOEaAOSMMbIfszICffTFBTZGJZZQyxFsoxe7j-8_EFqDS0iUDsThnu5fuKmw8MkKiwRcLkOQwbu91txriE6Syf-0BJ_5ZnVz3efTgjD8wM_kDxZw_P_g&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

291ad534a97aee9357374be887cd93552d210094844c6f7fcec15266c8403afd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&k=6Lc27L0ZAAAAAMV4QCtKwWRbT-Hm1FnY6IKqcSxw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 19:50:36 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31679
x-xss-protection: 1; mode=block
expires: Thu, 15 Sep 2022 19:50:36 GMT

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 10:20:23	Name: _GRECAPTCHA Value: 09AMifcdNO8SHEv0h4iFUamkpicyezDoI4uplScW19x7ZlDVUtynRxNEZW69puat38XVSS1-SjD5AkG2GZrb_WFkg
www.mdsec.co.uk/	1970-01-20 06:01:13	Name: ppwp_wp_session Value: 3ba43973701f61512741c9c54f1b5091%7C%7C1663273234%7C%7C1663272874
.mdsec.co.uk/	1970-01-20 15:37:11	Name: _ga Value: GA1.3.1327402761.1663271436
.mdsec.co.uk/	1970-01-20 06:02:37	Name: _gid Value: GA1.3.586681716.1663271436
.mdsec.co.uk/	1970-01-20 06:01:11	Name: _gat_gtag_UA_67981177_1 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/(Line 455) Message: Allow attribute will take precedence over 'allowfullscreen'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
p.typekit.net
use.typekit.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.mdsec.co.uk
104.26.3.136
2600:141b:13::17d7:82eb
2600:141b:9000::1725:7ba0
2607:f8b0:4006:809::2003
2607:f8b0:4006:81d::2008
2607:f8b0:4006:81f::200e
2607:f8b0:4006:821::2004
2607:f8b0:4006:824::2003
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
013819d7b7a0fdd92a0e5d867f96eb71a30762b765158334b0b8fee446e56782
02443bf6aacd5730af51edc4cde8456e1da7602a14ede9b4e566031d5221d0bc
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
0865744c0a9a34107e8c597c6a276f2d90bb356564bedc47937e26866e2b409c
0d8f2f8fd49dcb94cde58a0fed9c6bac0f8782e2d79ce44753a0b035a4e28236
0da6bc6c7ff25e38a11e857da732f735df8ca40ba0928a4a526f603692c70ef4
0f5e9e83ad407689dddf4694f0a45ec08a3baf6bf8c529b6fb4b37cecffe9fbe
15bc019039cf3721d8977f306a51dce3b3047dd7a7819707074f587b44c766da
1a301206e89878539ecc0c54fb3434d1c742c8054a5d71bff999762523b10f42
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1ea4fe17ee701a988c4ef2b9d72534585628ac1453b1be36cd0d3360477887f1
20a22e2a0610fa88287f0f8a033e1f8c5fb3abb7f0a0d527115b6ce3dde328a1
2278cada41d2bcc06dfa905b1e859133291c58dc7fb209a57f9f5d02c11a92e5
23b980d1f524beaf99d21ba3a8ba8090755c0798f0be1a67d2e7721ab71e63ec
291ad534a97aee9357374be887cd93552d210094844c6f7fcec15266c8403afd
29eef92e34ed6239dd09b29607a7029b11315337e3ce1a0c170b3e903f2e386c
2ac1dec2ea676653dc33c1dc718636434357b352fd07d6bf9750c69250191abc
2af98db13f5bf45514ff01258232df46f5f61bdaf210a4fd5f217137b08226c3
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
3b7ee6042ce80ceaf4f3a6b7f935c9e443bd02f447e862d92bffb59418cc6534
3d94d48861ea4d1585e765d393147dafc3df44e3f33a2150b944bca4815cf9e4
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44362f7dd6a3d253f5046f3595ba95df1db22d0f26dd39afacd0916f620921c8
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
49abddbaff51eae72fa78275c2607af206de069d9c383d2fd3e07df45d5989b7
50aeef74b417f88c04b45b2afa74a07214cad46167a729eca6f84d51baa246f6
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5e0d466d27a562d7eba7d5ff6422c262de499bf9ba26c3406d52c1dbe19b28b5
6662863c1a235e81fbfb55faafa502d0e8b5b33dd62e782f6cac6df42ace9b0f
66b5ab3e1b66bf24129603095a33218c7c9b7c43a7a15a6f7068d14f6127dca5
6ad3e1520bc8572f081d3ae6e7b7e2f64ec89fd6d6353a2d646ee20444ccad24
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6be5fd788129e04855a57c5ba54a1a991d0f63671df6b8e2bec2938354f226a1
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7e5467e321f1c92494ca07fedb64bd86961ffe2f73e78aade3a79a4004b6d8be
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8a26f948122b1fe863bae3e65f7a64893e6e29e8e760ac075654174f96171cdd
8c2230e1348d437f591bf23a319992999e4869ab9aef142861ae206b05ec1be4
8f6536bbfb33075bc0f728004e832533cbb3edc069044b78ed429ba63fb769c5
90931fff790b11e065ea5d70ac6de525832e49278278dd2805299d4323f85423
96d9b29b2a6d1cc397c0efdfa8bafdc220b090f765e4085fd74e18145de864fc
97db82777bfefb7151846ef3cb93a3bc2d5739eaf4035e7431ba6bf6b4a3ec53
9a834dbfee704111fe2fad38f37d89476b172e522e3a369b3099ef5835090b31
a17c9f956c273c76bbf16f276bd91e57f52291baf9c275c90242e48bd755225f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6b4dbff2d0fd199b80431665e75354c98cdaed9c263ced5487fdc8062710851
b05b6b6c910c0f6630864ed0257f08ad711d6a479c2aa10dc5ce7824eebf3dfa
b1d854df9d02c9b5d4e269e42d4df0c88cd2bac36f69bfdd46e414605ed43348
b33a241177830aaa4985fdd60c9fd86721c5e0404e1f2e33543c56c72fb22596
b3fc0b31022856f1cfdf6fa4833faff7f7388ca32d0bccb5affc71760cfdf0ec
b82d20340f79d1fa2e899444fac807e9ac3a28a6acedae896237a5b569b53545
c85a06b6b153a20bee68c444278de4d8cd478ea28bb904f42f3aaee2def88d09
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
c9f426305c9ba18d2b7594d3328050da20fa9db95661bd0af22c99c3ef90b101
cae3ed47c98e8d9214647b687fbba2690dca19d9da6294578b82251a6d9cd17f
caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d0347e75b294f69b5791adfbbde35ce933dbbb1a68dab216153a4b095b8e5ed9
d1b6b29514af75ee9f3efcc5fa2aa5afa9e6b6d9664dded2f96191cd9da60c09
d75bacb8a9f1c159d75122ccb63902a6e0f763d8cc12d9914d4839111bacce7d
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
f4c3e90bcdf3537573f311c5698cdfa80baca9a2d06c0891a038515e464f9ffd
f7ffbb239329c26e35510135c2d95d2efe46fd23e93c6382b012ec0174f10695

www.mdsec.co.uk Open in urlscan Pro 104.26.3.136 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

100 %HTTPS

88 %IPv6

6 Domains

8 Subdomains

8 IPs

1 Countries

1268 kBTransfer

2821 kBSize

5 Cookies

20 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mdsec.co.uk Open in urlscan Pro
104.26.3.136 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

100 %
HTTPS

88 %
IPv6

6
Domains

8
Subdomains

8
IPs

1
Countries

1268 kB
Transfer

2821 kB
Size

5
Cookies

72 HTTP transactions
0 data transactions