www.getastra.com Open in urlscan Pro
172.67.166.136 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Submission: On September 29 via manual (September 29th 2021, 2:04:35 am UTC) from US — Scanned from DE

Summary HTTP 107 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 28 domains to perform 107 HTTP transactions. The main IP is 172.67.166.136, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.getastra.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 7th 2021. Valid for: a year.

This is the only time www.getastra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	172.67.166.136 172.67.166.136	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
1	142.250.185.74 142.250.185.74	15169 (GOOGLE) (GOOGLE)
4	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
1	104.17.10.26 104.17.10.26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.168 142.250.186.168	15169 (GOOGLE) (GOOGLE)
9	142.250.185.206 142.250.185.206	15169 (GOOGLE) (GOOGLE)
1	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
6	18.66.112.117 18.66.112.117	16509 (AMAZON-02) (AMAZON-02)
4	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
6	104.18.29.91 104.18.29.91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.69.226 172.67.69.226	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.21.66.247 104.21.66.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.78 142.250.186.78	15169 (GOOGLE) (GOOGLE)
1	18.66.122.38 18.66.122.38	() ()
1	13.32.121.127 13.32.121.127	16509 (AMAZON-02) (AMAZON-02)
2	104.26.1.112 104.26.1.112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK)
7	104.26.3.186 104.26.3.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	46.105.201.116 46.105.201.116	16276 (OVH) (OVH)
1	44.240.205.144 44.240.205.144	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
3	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	142.250.184.225 142.250.184.225	15169 (GOOGLE) (GOOGLE)
1	142.250.185.86 142.250.185.86	15169 (GOOGLE) (GOOGLE)
1	108.177.15.154 108.177.15.154	15169 (GOOGLE) (GOOGLE)
2	185.60.216.35 185.60.216.35	32934 (FACEBOOK) (FACEBOOK)
2	216.58.212.163 216.58.212.163	15169 (GOOGLE) (GOOGLE)
2	104.26.2.186 104.26.2.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.207.24.13 35.207.24.13	15169 (GOOGLE) (GOOGLE)
1	52.222.236.80 52.222.236.80	() ()
107	35

28 172.67.166.136 (United States)

ASN13335 (CLOUDFLARENET, US)

www.getastra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dash.getastra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.19.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.65.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.10.26 (None, )

ASN13335 (CLOUDFLARENET, US)

instant.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f14.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.66.112.117 (United States)

ASN16509 (AMAZON-02, US)

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.29.91 (None, )

ASN13335 (CLOUDFLARENET, US)

client.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.69.226 (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.66.247 (None, )

ASN13335 (CLOUDFLARENET, US)

api.getastra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.38 (United States)

ASN- ()

cdn.letconvert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-127.fra60.r.cloudfront.net

script.tapfiliate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.1.112 (United States)

ASN13335 (CLOUDFLARENET, US)

app.convertful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.19 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-frx5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.26.3.186 (United States)

ASN13335 (CLOUDFLARENET, US)

app.getbeamer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.getbeamer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
realtime.getbeamer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.116 (France)

ASN16276 (OVH, FR)

dc.cux.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.240.205.144 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-205-144.us-west-2.compute.amazonaws.com

8s3p7omfd6.execute-api.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f1.1e100.net

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.86 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f22.1e100.net

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.177.15.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-frx5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.163 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.2.186 (United States)

ASN13335 (CLOUDFLARENET, US)

backend.getbeamer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.207.24.13 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 13.24.207.35.bc.googleusercontent.com

whatsnew.getastra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.80 (None, )

ASN- ()

serve.albacross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	getastra.com www.getastra.com api.getastra.com whatsnew.getastra.com dash.getastra.com	383 KB
9	getbeamer.com app.getbeamer.com backend.getbeamer.com static.getbeamer.com realtime.getbeamer.com	47 KB
9	youtube.com www.youtube.com	681 KB
6	crisp.chat client.crisp.chat	143 KB
6	webflow.com uploads-ssl.webflow.com
5	doubleclick.net 1 redirects googleads.g.doubleclick.net static.doubleclick.net stats.g.doubleclick.net	3 KB
5	cloudflare.com cdnjs.cloudflare.com	116 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	77 KB
4	jsdelivr.net cdn.jsdelivr.net	30 KB
3	google.com www.google.com	14 KB
3	google-analytics.com www.google-analytics.com	57 KB
2	google.de www.google.de	586 B
2	facebook.com www.facebook.com	443 B
2	facebook.net connect.facebook.net	170 KB
2	convertful.com app.convertful.com	32 KB
2	googletagmanager.com www.googletagmanager.com	89 KB
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	7 KB
1	albacross.com serve.albacross.com	5 KB
1	ytimg.com i.ytimg.com	28 KB
1	ggpht.com yt3.ggpht.com	3 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	amazonaws.com 8s3p7omfd6.execute-api.us-west-2.amazonaws.com	252 B
1	cux.io dc.cux.io	21 KB
1	tapfiliate.com script.tapfiliate.com	12 KB
1	letconvert.com cdn.letconvert.com	11 KB
1	ipapi.co ipapi.co	897 B
1	instant.page instant.page	1 KB
1	imgur.com i.imgur.com	300 KB
107	28

	Domain	Requested by
24	www.getastra.com	www.getastra.com
9	www.youtube.com	www.getastra.com www.youtube.com
6	client.crisp.chat	www.getastra.com client.crisp.chat
6	uploads-ssl.webflow.com	www.getastra.com
5	app.getbeamer.com	www.googletagmanager.com app.getbeamer.com whatsnew.getastra.com
5	cdnjs.cloudflare.com	www.getastra.com cdnjs.cloudflare.com
4	dash.getastra.com	www.getastra.com dash.getastra.com
4	cdn.jsdelivr.net	www.getastra.com www.googletagmanager.com
3	www.google.com	www.youtube.com www.getastra.com
3	googleads.g.doubleclick.net	1 redirects www.youtube.com www.googleadservices.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	backend.getbeamer.com	app.getbeamer.com
2	www.google.de	www.getastra.com
2	www.facebook.com	www.getastra.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	connect.facebook.net	www.getastra.com connect.facebook.net
2	app.convertful.com	www.googletagmanager.com app.convertful.com
2	api.getastra.com	www.getastra.com
2	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
2	www.googletagmanager.com	www.getastra.com www.googletagmanager.com
1	serve.albacross.com	www.getastra.com
1	realtime.getbeamer.com	whatsnew.getastra.com
1	static.getbeamer.com	app.getbeamer.com
1	whatsnew.getastra.com	app.getbeamer.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	www.googleadservices.com	www.googletagmanager.com
1	8s3p7omfd6.execute-api.us-west-2.amazonaws.com	cdn.letconvert.com
1	dc.cux.io	www.getastra.com
1	script.tapfiliate.com	www.googletagmanager.com
1	cdn.letconvert.com	www.googletagmanager.com
1	ipapi.co	cdnjs.cloudflare.com
1	fonts.googleapis.com	ajax.googleapis.com
1	instant.page	www.getastra.com
1	ajax.googleapis.com	www.getastra.com
1	i.imgur.com	www.getastra.com
107	38

This site contains links to these domains. Also see Links.

Domain
securityscan.getastra.com
dash.getastra.com
twitter.com
www.facebook.com
www.youtube.com
medium.com
www.trustpilot.com
www.capterra.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-07` - `2022-07-06`	a year	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-30` - `2022-06-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
uploads-ssl.webflow.com Amazon	`2021-09-27` - `2022-10-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
crisp.chat Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
cdn.letconvert.com Amazon	`2021-09-10` - `2022-10-09`	a year	crt.sh
tapfiliate.com Amazon	`2020-11-20` - `2021-12-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
dc.cux.io R3	`2021-08-17` - `2021-11-15`	3 months	crt.sh
*.execute-api.us-west-2.amazonaws.com Amazon	`2021-08-01` - `2022-08-30`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
whatsnew.getastra.com R3	`2021-09-15` - `2021-12-14`	3 months	crt.sh
*.albacross.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Frame ID: 3A0CA46BC7ED34BC1FA3EEDA4EE2DBE5
Requests: 82 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
Frame ID: E241727C37C15808E0E21C4E9210A8D4
Requests: 18 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8783CF66254DAE7DBB29474DA30CB264
Requests: 1 HTTP requests in this frame

Frame: https://whatsnew.getastra.com/utilities?app_id=VKmdxiII13240
Frame ID: B1DD39B8645BBF2BC19EC2ADD2CDF16C
Requests: 4 HTTP requests in this frame

Frame: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110
Frame ID: 3306ECAC1A3785FE2BE0346EC988EF0D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hacked wp-admin loads different UI | Astra Website Security

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

YouTube (Video Players) Expand

Overall confidence: 100%
Detected patterns

<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

107
Requests

100 %
HTTPS

0 %
IPv6

28
Domains

38
Subdomains

35
IPs

4
Countries

2244 kB
Transfer

6580 kB
Size

22
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://securityscan.getastra.com/
Title: Resources

Search URL Search Domain Scan URL

URL: https://dash.getastra.com/
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/getAstra

Search URL Search Domain Scan URL

URL: https://www.facebook.com/getAstra

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CzarSecurities/

Search URL Search Domain Scan URL

URL: https://medium.com/astra-security

Search URL Search Domain Scan URL

URL: https://www.trustpilot.com/review/getastra.com

Search URL Search Domain Scan URL

URL: https://www.capterra.com/p/162941/Astra-Security/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

107 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request wordpress-security-hacked-wp-admin-loads-different-ui Show response
www.getastra.com/e/malware/infections/ 30 KB
9 KB 313ms
249ms Document
text/html 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86b73b53ce39ec4c1ef0d37d47bae6ba71d2888ada66f9b32a72671807bcf2c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.getastra.com
:scheme: https
:path: /e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate max-age=0, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
set-cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; expires=Wed, 29-Sep-2021 04:04:28 GMT; Max-Age=7200; path=/ ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh; expires=Wed, 29-Sep-2021 04:04:28 GMT; Max-Age=7200; path=/; HttpOnly
content-security-policy: upgrade-insecure-requests;
vary: X-Forwarded-Proto,Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: same-origin
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2%2Br2ePTLiBnN3Ylsm%2BMd9ub18XoBFBg57Ag56dCawXif%2Fnu2lZq1QM8Buexxcs3udY8nYXEjSQf4tE4GilXYq6Zq0icli1eRnexhPx4MUAMlN060FLGfu1oPvhE10MyKX0W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 6961a415fab83a35-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jSscO-IEdbgOmqabm4JqEfVEIAc.js Show response
www.getastra.com/cdn-cgi/apps/head/ 7 KB
3 KB 24ms
22ms Script
application/javascript 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/cdn-cgi/apps/head/jSscO-IEdbgOmqabm4JqEfVEIAc.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd71a9264f56c0d43f3122826b3c21ee9b41157fc7065d5acba749a045d28802

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/head/jSscO-IEdbgOmqabm4JqEfVEIAc.js
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2942728
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 1S4ST1XRMYC6D747
x-amz-id-2: ApoMPaVaIZwwco3IMpdPHRLDxKZqpOU8ybKqjdB+w2le2+jfST4m19ZC+9uY8z7zsm49TzED+FA=
last-modified: Thu, 19 Aug 2021 13:00:22 GMT
server: cloudflare
etag: W/"b89917619835640b33426f5fad66fd5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9bp4vIg2rWyhWDwZ6OXSn7kGNNnqiq8b09yTZhTm00qo%2FYDh%2F5vdh%2Bg%2BNuROzO0nGr58Ddqx4yV3NWORzs8HeURI%2Fvhn%2B8z6n02i0yTaYQJxhVF6G%2B9krOSB4UFfni8HI3h"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: abxbh0KptqvM3rNdnSvV2t_podgV3Fmo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6961a417eb7a3a35-CDG

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/ 27 KB
6 KB 38ms
14ms Stylesheet
text/css 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2871823
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4972
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-6b4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNufreYlN%2B4DRBW4p5gNVZ7OURYhnkz%2FdnOOvjoX6emei6pSudDNq0tYdjd8kX7SbvtWzrZltcm%2FJtK%2BV25OqXKwNc7G6llmYg%2Bo7fz0Dj9kpM0a1oh7Wi3nUyJ0h4zj6cj8N3ke"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6961a4180fc92151-DUS
expires: Mon, 19 Sep 2022 02:04:28 GMT

GET
H2 200 A.bootstrap-paper.min.css.pagespeed.cf.dO0pqsU8jU.css
www.getastra.com/assets/bootstrap/css/ 135 KB
23 KB 27ms
25ms Stylesheet
text/css 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/bootstrap/css/A.bootstrap-paper.min.css.pagespeed.cf.dO0pqsU8jU.css

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6b3232b77f68d4305c4c6422e1e6f01fbddbd3cd38f6be9e2d28be3de52ff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /assets/bootstrap/css/A.bootstrap-paper.min.css.pagespeed.cf.dO0pqsU8jU.css
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-original-content-length: 141235
age: 457343
cf-polished: origSize=139327
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sat, 04 Sep 2021 03:19:26 GMT
server: cloudflare
etag: W/"0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3OSpfj6XfNIfdlULVbs8r8JAJQsx7oGvTBdHcvfPG%2BFlYQE3IKDGattVuyqYKjTz9Z7%2FjFjNv5XbCX7RSwvyhXQpjHmSW%2BpioytSTWmWgLFUD%2BW8qY%2FNrsSNhIHMRB6jvpCf"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-bgj: minify
cache-control: max-age=31536000
cf-ray: 6961a417eb7b3a35-CDG
expires: Sun, 04 Sep 2022 03:19:26 GMT

GET
H2 200 style.css
www.getastra.com/assets/css/ 75 KB
16 KB 24ms
23ms Stylesheet
text/css 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/css/style.css?v=1.5.49

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d5edfa980907259bcfd97e5a2c7588aeff65ba961bad422963f48d415ed0f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /assets/css/style.css?v=1.5.49
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-original-content-length: 101912
age: 2922755
cf-polished: origSize=77221
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-xC14WiON7t"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ok4mc0PaWMGy5X4UNJDrU92Oj1d%2FazYpgxg%2Bt5DEbbSXdDwuhsQ%2BpxcWGqrRMLGONvNWc1rX%2BrB4euZFiJbtD3rV0QXkMFbWdRH4lcvi%2FIFC5LE2w9z4OafSJtkLjIwHwNg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=31513369
cf-ray: 6961a417eb7c3a35-CDG
expires: Thu, 25 Aug 2022 23:54:43 GMT

GET
H2 200 A.pricing.css,qv=1.5.49.pagespeed.cf.dZglwEeWVs.css
www.getastra.com/assets/css/pages/ 12 KB
3 KB 36ms
36ms Stylesheet
text/css 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/css/pages/A.pricing.css,qv=1.5.49.pagespeed.cf.dZglwEeWVs.css

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a090a7422999f24c113ae123ca7b9b9f51a4ee590e22d2a60f3f25f03a464cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /assets/css/pages/A.pricing.css,qv=1.5.49.pagespeed.cf.dZglwEeWVs.css
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-original-content-length: 17265
age: 2918556
cf-polished: origSize=12312
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 26 Aug 2021 00:02:25 GMT
server: cloudflare
etag: W/"0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVubbZoDHXCmNUt9IWZhHrjw94DAN7VI%2FEUAPQ6p1RpZA86OX6bOlVNGTUSxXjW8APdW%2FwAWQ0c%2BydFJGU5JwAY5BAr2a0dfG6VLGDpajg2TJ2l%2BpA5vm%2BDTCbzb5u14zPvn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-bgj: minify
cache-control: max-age=31536000
cf-ray: 6961a417eb7d3a35-CDG
expires: Fri, 26 Aug 2022 00:02:25 GMT

GET
H2 200 e.css
www.getastra.com/assets/css/webflow/ 7 KB
2 KB 187ms
186ms Stylesheet
text/css 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89a272899871a1ab98bb380c3de55251b6a0cd7f81ef38952badb085d22b9338

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /assets/css/webflow/e.css?v=1.5.49
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcdeSZ3R2ki7ynhwMj32BCUGrBUNROU0sMtmbFCZtrUj2rTVQr62VbbrBhQuPx6rA6YfkXrko3QSQR6fENNvXMmxT6hxVX%2FNQgrfhgwSwQ0Pj%2BC%2B2febduEPrEmDq%2Bx%2BN5r8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=691200, s-maxage=10
cf-ray: 6961a417eb7e3a35-CDG
expires: Wed, 29 Sep 2021 02:09:28 GMT

GET
H3 200 modernizr.min.js Show response
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ 11 KB
5 KB 14ms
14ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 546641
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3980
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f26-2b4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEQME%2BgdRcyz6cqGvWPB0qNNh6B%2BqqWk5QSS0LK5BMF7NAwrqxWYXiOVN1JYdHQAYSuRpOmZXg3m4vBaNZEyCR8wAVsnW8560qNyx2TVu5z7edkyqdslKYRZPIfFSfBbDEXu1BmC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6961a41908882151-DUS
expires: Mon, 19 Sep 2022 02:04:28 GMT

GET
H3 200 astra-logo.svg
www.getastra.com/assets/images/webflow/ 5 KB
3 KB 30ms
29ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/astra-logo.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b2bec94e6e2ff2b4fb08ac2529266dbd6b3f595c9a2c6fa88115f788273579b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/astra-logo.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2358
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ugQwvSCzFq3lTmy9eRQoc%2Bdb%2Bn7j%2FeZ5eMWo6E7lq%2B5kTU%2FANazYaxDzxX30mnMqHVvLnkSMHNpkXtwU83N%2BvJ%2BY2MmHnuCQyANzqK6twU%2FDOIVqmCWVRs9txox8QDzyZ1kE"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4191c7a403d-CDG

GET
H3 200 warning.svg
www.getastra.com/assets/images/webflow/ 1 KB
1 KB 25ms
24ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/warning.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2c14ae540b4cb971a62da8309565fe9d0c78e767fd2071bf53cae5bc87cdab5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/warning.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2358
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N6nuRTQgtErRUBlvAg3JG0KdFw1yYSvdIM8EDY4TltBjKq8Ux6KG7%2BIwXNrXNes%2FYxJOXeOrKaGQFWL2b4Ql7Hy33m7XHOBVeRuVk%2B5S2KmPuj1uYWyz%2Bh1FUKDVimXbNrdd"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4191c7c403d-CDG

GET
H2 200 A8w5ud6.png
i.imgur.com/ 299 KB
300 KB 57ms
25ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/A8w5ud6.png

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

739865a043e533c69bd6fc5017f4831ab770a2932e48d54a1fa58a96774fe7ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
x-content-type-options: nosniff
age: 224809
x-cache: HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 306179
x-served-by: cache-bwi5127-BWI, cache-fra19142-FRA
last-modified: Fri, 01 Jun 2018 17:27:25 GMT
server: cat factory 1.0
x-timer: S1632881069.000492,VS0,VE2
etag: "90a64e8bbebdc3de556482fe5f6158db"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H3 200 astra-logo-white.svg
www.getastra.com/assets/images/webflow/ 5 KB
3 KB 40ms
39ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/astra-logo-white.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85001e4a67ca0e1d705e757a4fd84271865d3757a361c9aec1f461ed02612ccb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/astra-logo-white.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2358
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gc2Asyi4bSPDVTd%2BB9Kh%2BHlP8yzn8nZniHb7kjM%2B8qWXAE2i%2FT%2FBBZW1yJ%2Ble%2BCyDw2KZrAzQDXBxaUBehhLXBmSesSDsXI6Lh26RFpmzTr628TVJiWncVayoXUrVi40sxdb"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4191c7d403d-CDG

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 69ms
20ms Script
text/javascript 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 13:42:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44524
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Wed, 28 Sep 2022 13:42:24 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.0/ 95 KB
30 KB 27ms
15ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.0/jquery.min.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 50297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 30405
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-17c52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAUKfFHANq3c%2BkzOsgpkTvTTM3eLwM2gq3mE9683uk3hN5AJ3IMb%2Bp4ueNXYbak2h8dxW0hJ%2F%2B420KXGM3Iq7tk5WhlkbdCTI%2FS%2FvK9%2BkoDoJH4Sljlu%2BeFlxCWhn1vqD18MLdoC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6961a418a8362151-DUS
expires: Mon, 19 Sep 2022 02:04:28 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/ 36 KB
9 KB 15ms
14ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 53019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8654
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-9004"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6H10KQGUuVOPIESfomzw5ryt%2FVnN%2Bd7QqJlXwHybCtccp8ppS2go%2FwJBNnlmAFMk3mj24bVUsUUIlrwDTroCub3Xs%2BhY7hk1S8oo20r%2Fa2OybSQTuqqa82K3KS7nNM7y2NIlHZ9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6961a418d85f2151-DUS
expires: Mon, 19 Sep 2022 02:04:28 GMT

GET
H3 200 main.js Show response
www.getastra.com/assets/js/ 13 KB
6 KB 206ms
205ms Script
application/javascript 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/js/main.js?v=1.5.49

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c0bd7613f38fc5ba7da3d0edfb2acefbf309df478c3c69119d2c4e9d5665805

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /assets/js/main.js?v=1.5.49
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-original-content-length: 19689
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-DnlZTQyUlY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrPtCAiVTVEDCbuqQDRJHJW3KtJqBAj9VsyoyuTDsQIts0v1KgYkE6JaiZ1nvX3zNaQZONa%2Bz15lUka7VZ%2FEdZVxYNuwxPrigS%2BJZeCWbGp%2FOBs%2Fkf3BbttnBztCvAtGBMdT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=691200
cf-ray: 6961a418ec61403d-CDG
expires: Mon, 06 Sep 2021 09:12:45 GMT

GET
H2 200 highlight.min.js Show response
cdn.jsdelivr.net/highlight.js/9.11.0/ 45 KB
19 KB 23ms
7ms Script
application/javascript 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/highlight.js/9.11.0/highlight.min.js?ver=0.6.2

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f9b8554da46627f734ede57cd2753c803d9c041174ad891fd6dc6a5e5adbbdbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1679753
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
content-length: 18660
etag: W/"b35f-8M24mvS309deb9M1qD22HN2GzRo"
x-served-by: cache-fra19143-FRA, cache-hhn4062-HHN
date: Wed, 29 Sep 2021 02:04:28 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 3.0.0 Show response
instant.page/ 2 KB
1 KB 87ms
20ms Script
text/javascript 104.17.10.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://instant.page/3.0.0
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.10.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f0ad9f3ff31904d6a4962296240ac2afa342ab957442389db0d04a33b40ef78

Request headers

Referer
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 6961a4197d0dfaee-DUS

GET
H3 200 HDBaI3TEfOa-RZ1-tgLDoxABaUE.js Show response
www.getastra.com/cdn-cgi/apps/body/ 33 KB
12 KB 30ms
29ms Script
application/javascript 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/cdn-cgi/apps/body/HDBaI3TEfOa-RZ1-tgLDoxABaUE.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/cdn-cgi/apps/head/jSscO-IEdbgOmqabm4JqEfVEIAc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7cd3e4c127daccac292779eae92b1b8b644772efb0bcdf4ced7ef7a73a8286b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/body/HDBaI3TEfOa-RZ1-tgLDoxABaUE.js
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2942728
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 1S4YJETKNMX5098E
x-amz-id-2: tYRnahuUNiXOHX8vLISrePq/8W2qbqJPJ1T3gO0iUTwbdF1Ie5Te2HEjX5XP/6+KYixnBnX+1SI=
last-modified: Thu, 19 Aug 2021 13:00:21 GMT
server: cloudflare
etag: W/"5cdb6552f6a72755b9c180c02d8ed6cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1qx%2Bs1P7DGiusZSwQy8HrDlHOIRCqKNY5qktcU8m4pPSzlZik5m1egvBmFhGRBkLL0AvjerTkDj0IOpEqtEBIjUxGpLonIRXU%2FJpsQKNbdH%2FMI9fawZIBOhrlchLUMctUrn"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: f12jJHZOrYUnDei4A1SCtU_DfS8Xd8bL
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6961a4191c7e403d-CDG

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 153 KB
50 KB 108ms
40ms Script
application/javascript 142.250.186.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6d5d82a85ace762f6478baf666e059daab9861bed98da094ec6102a3aa35a3fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51004
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Sep 2021 02:04:29 GMT

GET
H2 200 ScFVHeKZD60 Show response
www.youtube.com/embed/ Frame E241 56 KB
24 KB 160ms
88ms Document
text/html 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

ESF /

Resource Hash

475d5877118470a57e6861b9518b12befcbc3fe202a3cc291dc213eedec53425

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 29 Sep 2021 02:04:29 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"
report-to: {"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=40jJb7mf8Lc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=CIFj6JYURCQ; Domain=.youtube.com; Expires=Mon, 28-Mar-2022 02:04:29 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+231; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 MarkProMedium.otf
www.getastra.com/assets/fonts/ 158 KB
64 KB 195ms
194ms Font
application/font-sfnt 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/fonts/MarkProMedium.otf

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
:path: /assets/fonts/MarkProMedium.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3iskaCJNt9viGeAj4xQbKRAHD2G4UV%2Ba67ja3vshFYti1UNFeeJ2LNwWXIT7glSRbcU7AyzzVJIu8Yfhp%2Fkit3Pq6%2B86aiwRJCzlmkY9GSCYLCUlNXWEl0T%2BTjxvoD%2BiNekQ"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=691200, s-maxage=10
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4192c81403d-CDG

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/ 65 KB
66 KB 29ms
18ms Font
application/octet-stream 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2721fcaed5436f55432318b274d1542e96753b56c6ec6cdbd1c0fdd46bc66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:28 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 545832
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 66624
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-10440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fk51avRGhsbunI6jqleuIOAksbQ6NnPTVk0198p%2BxqOqMWt9cqU9vY%2BwDuJBIVKwsebbNmRZlmJv4Z5aoOTWOtVLZDMAY20bGMEsK5b%2BBBua6fhLKi7ULFlvB88JO%2FrGKoT52KZC"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6961a4192cfefaf6-DUS
expires: Mon, 19 Sep 2022 02:04:28 GMT

GET
H3 200 MarkProBold.otf
www.getastra.com/assets/fonts/ 162 KB
67 KB 225ms
225ms Font
application/font-sfnt 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/fonts/MarkProBold.otf

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
:path: /assets/fonts/MarkProBold.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SuXMm%2B%2FHNLRa7Q32RB6FEzl9%2BlWj4SbwC0UnfYxP9IjOFzUreg0ce9mgn07UpVytb2uH24ZyXlWa8ztKf8j7HilvAZfZVlnAq8%2BOJpjOICAQ4hwpaJJCR4iLf5Xb5sepdLIZ"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=691200, s-maxage=10
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4192c82403d-CDG

GET
H3 200 MarkProHeavy.otf
www.getastra.com/assets/fonts/ 161 KB
67 KB 229ms
228ms Font
application/font-sfnt 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/fonts/MarkProHeavy.otf

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ee29eaed3e7871ec26a9015448275754abd192c89d0dd72ca1454451eee9d58

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
:path: /assets/fonts/MarkProHeavy.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ib8jmRWNAt64YnesMedi4GJPeOtSvPy9usS%2BEFYmsMdXJxirJzhv57aqHgKJo4E7qcBnkjb8xPZs8HtRRdttYAdxSPtGX5POuMGAh9cAYtcETRMHRaJO%2Fn32UmdhL%2B%2BsCFEV"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=691200, s-maxage=10
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4192c85403d-CDG

GET
H3 200 MarkPro-Book.otf
www.getastra.com/assets/fonts/ 118 KB
68 KB 250ms
249ms Font
application/font-sfnt 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/assets/fonts/MarkPro-Book.otf

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0dec0173dde5da3c461a6ab299b786e6e95ff0ab31a8952c8fb4698479bc8167

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
:path: /assets/fonts/MarkPro-Book.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7I56LkkwOpxAmPSbPiAIZTo%2FblkoveLFPPI%2Bm65%2Fb9AGsgej77MgqiueIIGeuUdfyl5wPuO86v81S8BdgoIxpZmEvmKY%2BHGKz2av%2Fym4E529ABIiBIz6unXfVApf2V6idvC"}],"group":"cf-nel","max_age":604800}
content-type: application/font-sfnt
cache-control: max-age=691200, s-maxage=10
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4192c86403d-CDG

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 95ms
34ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

8c0e5c2f898c9c6ae0c1aff2eca3068d28c9545f8b8c4458d912b27f93d7280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 01:02:04 GMT
server: ESF
date: Wed, 29 Sep 2021 02:04:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Sep 2021 02:04:29 GMT

GET
H3 200 angle-right.svg
www.getastra.com/assets/images/webflow/ 1 KB
1 KB 25ms
23ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/angle-right.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee17acf36679912939aa00c61b227af5a5ad28d55ebc38d4893e5e753628aa53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/angle-right.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpYNLJNd3zTpsor3v1DId8Iqeal%2BYLijkbDzfCFTgpGKEErFKFjzMrBcF70SCVm9iWZ6NHO2HDNh%2BDQ327FB7ax4hy9cd9IKj8hPCq%2Fgqe0k9EKXEUEYoVH7FYnHUM6kjvYR"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc0403d-CDG

GET
H3 200 tick.svg
www.getastra.com/assets/images/webflow/ 1 KB
1 KB 29ms
26ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/tick.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1411250814c4052f3001babbf9bb6c502281711c2b401958a0a481c662fed86

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/tick.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/webflow/e.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v9v2UIpocarQ6t7lB2kX%2BSsN7M6hKYNlvHmXTLq%2BfxfRCxtB%2F6Q3agQZ96yNrYRiMvP%2FT6Gd2abnXhewjOy2Fyb9py0AcPYG4dXGi0LM7h6ciUGv5L7quKs8Z9j8O1IX%2F06Z"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc1403d-CDG

GET
H3 200 social-twitter.svg
www.getastra.com/assets/images/webflow/ 3 KB
2 KB 29ms
26ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/social-twitter.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc0e65582c22595fe621e1101834879cec63b7ac5a1588105043f07f82b942a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/social-twitter.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S332aO5KscBcNA6hxsHsHKftu24WkgviXiD048T8kzBlCrFbz%2BqbQBSeCb0SPMz3VcAc5m6tFXZ9Wsw%2B6fhkkhxmpwXesnhju%2FJSPwm%2B%2F0soYtkwCv6AyInsEkhNtQ%2FZqPD6"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc3403d-CDG

GET
H3 200 social-fb.svg
www.getastra.com/assets/images/webflow/ 2 KB
1 KB 26ms
23ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/social-fb.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8098e4df09d2276b21109071061a2327c92b52ed141edaae441860c5fd6b3d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/social-fb.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8AeHXirwVa6e%2BXa09az9fhBPwwqlcRgV96PlzFxJ02LTwupHxHVlj6BjS3KnaVgLnkMP4F9vLD7e5eMxV1RlLUaZWQmHYBiTcC9isYzFaypCbYUiQ4lbizpt%2B3bm7%2BOIHXm7"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc4403d-CDG

GET
H3 200 social-youtube.svg
www.getastra.com/assets/images/webflow/ 2 KB
2 KB 30ms
26ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/social-youtube.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c89399e7b68f026fc9071b43d3f00940b09fe77b1510b0c8abbb27e609955f4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/social-youtube.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPVPOp3da4QVOb%2FOh%2BRNhPpM1yDYBuEznxBgBkkoBSvDF%2B0%2F2FWbWvoScop8tizmHFTbfYgDtJJi%2B%2F68J%2FU7%2BpI6GIqe66B%2F35xq0%2FHvmmcgv6%2Fn2X2O2PL%2FTQQ6CWelAVfI"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc5403d-CDG

GET
H3 200 social-wordpress.svg
www.getastra.com/assets/images/webflow/ 6 KB
2 KB 30ms
27ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/social-wordpress.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10c68cdd92c01d2435f9c9e3d1d6ab9c6ed6cf331462dead92477ae093937f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/social-wordpress.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8x3EFbhniFO74pVDejs17zxblMXauSVf658FT4%2B4L0FXgobMph7bnC%2FD2b0wSjPKOFXk%2BjoX%2FaoBQzSdyXQIbykrosvW0OGg6za1l%2BD%2FNdG3dP3SJ23U6SL9HD0GNdrNv1av"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc7403d-CDG

GET
H3 200 social-medium.svg
www.getastra.com/assets/images/webflow/ 2 KB
2 KB 30ms
26ms Image
image/svg+xml 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/webflow/social-medium.svg

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d275921adca68568ba61ebf050aebc9c31aead0870d54d8607f3c9b24573950

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /assets/images/webflow/social-medium.svg
pragma: no-cache
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.getastra.com
referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/assets/css/style.css?v=1.5.49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2359
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: same-origin
last-modified: Fri, 01 May 2020 07:04:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsOHhAilISl%2FVE0PF3SKmd3UWiavwt2cKOpU2sOks%2BLAKuV9hI1bBAmQqPQZAnz%2BujJIrLUHzmj2fsKofIa4XALOJMxFPqu%2Bs0yuhGLt20FIAYH7s3%2FwzXVBoaYjoh5K1JnO"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=691200
permissions-policy: accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
content-security-policy: upgrade-insecure-requests;
cf-ray: 6961a4197cc8403d-CDG

GET
H2 403 5e4e5258be89044117a2bc28_hf.svg
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 153ms
105ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e4e5258be89044117a2bc28_hf.svg
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 403 5e4e525a47c62011672f1121_ghc.svg
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 428ms
379ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e4e525a47c62011672f1121_ghc.svg
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 403 5e7a4421f2ca0326994c1ef6_299722.png
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 154ms
105ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a4421f2ca0326994c1ef6_299722.png
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 403 5e7a44217b761b2663556f63_299753.png
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 434ms
386ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a44217b761b2663556f63_299753.png
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 403 5e7a44210a14ec605636228d_299786.png
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 435ms
387ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a44210a14ec605636228d_299786.png
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 403 5e7a441f94560d6fc2906a62_299702.png
uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/ 0
0 437ms
389ms Image
application/xml 18.66.112.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a441f94560d6fc2906a62_299702.png
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/assets/css/style.css?v=1.5.49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 3 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ 44 KB
44 KB 87ms
24ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 17:04:31 GMT
x-content-type-options: nosniff
age: 464398
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44760
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 16:50:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 23 Sep 2022 17:04:31 GMT

GET
H2 200 l.js Show response
client.crisp.chat/ 8 KB
3 KB 62ms
15ms Script
application/javascript 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/l.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

589ee9b72c357818cdabb776e5b811d7a176fa6afe046bb00c3194826e3e6ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38037
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 15:29:30 GMT
server: cloudflare
etag: W/"613b79da-1e7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=86400
access-control-allow-credentials: false
cf-ray: 6961a41b09af21c3-DUS
access-control-allow-headers: Content-Type, Origin
expires: Thu, 30 Sep 2021 02:04:29 GMT

GET
H2 200 / Show response
ipapi.co/json/ 713 B
897 B 273ms
214ms XHR
application/json 172.67.69.226
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json/

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.0/jquery.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.67.69.226 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

744235fdccb21018568eba1f1a4ca606c6f47bcdaaf32421e672d60ea1401a03

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
allow: GET, OPTIONS, OPTIONS, POST, HEAD
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Host, Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B28z7AHqDu5K3U25jM1m6PE2U6AHCpOLbyfGv58qcewtxWHK6xc8zaQbW6oTddy1EPrjDN%2FsxHWWMBxFqyfEUdTEP0zXN0ljl8nnwlrTn6GQxu84kvxfAwTG"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.getastra.com
cf-ray: 6961a41b19d040f3-CDG

OPTIONS
H2 200 events
api.getastra.com/public-api/v1/logging/ Frame 0
0 260ms
199ms Preflight
text/html 104.21.66.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.getastra.com/public-api/v1/logging/events

Protocol

Server

104.21.66.247 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.getastra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private max-age=0, no-cache
vary: Origin
access-control-allow-methods: GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-allow-headers: content-type, authorization
access-control-max-age: 3600
access-control-allow-origin: https://www.getastra.com
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99Hk6LNA9k5Lwz2YKn4IIfjqRmLpUk6TMGg7wyOlXPW8BEgT8XGCd6%2Bsu3yhpWNsOg2i3kLvN%2FQXqIV73blR%2BzNY23G4WCzJNYrnpr7CeVmPmMNThf%2B40H6dxS8JHJ%2Bp%2BoIS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6961a41cfae83b97-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 72ms
20ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 4349
date: Wed, 29 Sep 2021 00:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Wed, 29 Sep 2021 02:52:00 GMT

GET
H2 200 0e9eadcc8ebabd45e01a31ac5abd41a8.js Show response
cdn.letconvert.com/js/main/ 57 KB
11 KB 79ms
10ms Script
application/javascript 18.66.122.38

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.letconvert.com/js/main/0e9eadcc8ebabd45e01a31ac5abd41a8.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.38 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b21f1ab87f7778a3e6ae8b9aebff331b9a5cb8c8cca9d5676ad09abe02d3b081

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:37:10 GMT
content-encoding: gzip
last-modified: Tue, 18 Aug 2020 16:57:08 GMT
server: AmazonS3
age: 2222840
etag: W/"0ca3ecef3c5d9c9ad63854c27e6bdb23"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-storage-class: REDUCED_REDUNDANCY
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: W60PbM01mW6qbiYlAwm9WGh6f1SWX4JRbswI4tOuuZsJhvaNLJ-ebA==
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)

GET
H2 200 tapfiliate.js Show response
script.tapfiliate.com/ 11 KB
12 KB 50ms
7ms Script
text/javascript 13.32.121.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.tapfiliate.com/tapfiliate.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-127.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75cdd0cd8782116ba8444dabd993758b1b349843584c9631f4f24a4295b98940

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 20:19:38 GMT
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
last-modified: Fri, 10 Jul 2020 09:38:20 GMT
server: AmazonS3
age: 46578
etag: W/"3a5177f5482ab61da6a0eb7587446403"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 11599
x-amz-cf-id: 69pOv-UhjTH7ylzkKRonq6m8AoZbaiSyycxpvgHoWM9MF2ncJtfpUA==

GET
H2 200 Convertful.js Show response
app.convertful.com/ 53 KB
17 KB 98ms
31ms Script
application/javascript 104.26.1.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.convertful.com/Convertful.js?owner=4475

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.1.112 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b39174505617ab9bb4519602b789c69af8fa36459dbf7efe1f4d0732d74e63aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 613
cf-polished: origSize=54290
strict-transport-security: max-age=0; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: public
last-modified: Wed, 15 Sep 2021 16:05:27 GMT
server: cloudflare
etag: W/"614219c7-d412"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yf2HXoxqK4G6vXYsKNRSf9M8%2BRix%2FSoU7EawNOQt1rHj55rihalQ8FcMhC4Rc8X%2BVuyL%2FuXAU%2F6HHo6fkHqIuvtpYu%2FLTL2XqtXbSWNRaYaM%2F22QeVA6Wbm9XTPZzM%2FtVK1prw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: max-age=1800, public
cf-ray: 6961a41d0906dbef-LHR
expires: Wed, 29 Sep 2021 02:01:25 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 26ms
7ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-frx5.fbcdn.net

Software

Resource Hash

4b5e988359c30afd1d84b7a5118296f1fc33f4527d530b096ca27aa7fbfef99a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25969
x-xss-protection: 0
pragma: public
x-fb-debug: nOypK/1ZqBog9NXCJOM36aK1quARcPfDcG2HNVj0ihCRKb2s/YoTab3bwiwsZx7Uatcfut2zGdP1jZOYTpyVOA==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 29 Sep 2021 02:04:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 events Show response
api.getastra.com/public-api/v1/logging/ 72 B
705 B 327ms
299ms Fetch
application/json 104.21.66.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.getastra.com/public-api/v1/logging/events

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.66.247 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c80cbb49f1456d1b800f2486cca5a945e3b283a69ceda8728fba0f6592bac160

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LH03u1hfKeaS9qCTu1H1AVf4vqo3X3gN14fix7g82tYlax5eDpv4AzW8lMvkrjreEFeRUZaZm2riiLmyJUVfV9e9oS1NqY0d4eaeIUfmeutjcr4kthRU%2BNCjJnU1ULqoNvP5"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.getastra.com
access-control-expose-headers: link
cache-control: max-age=0, must-revalidate, private
cf-ray: 6961a41e7dbb69b6-CDG
expires: Wed, 29 Sep 2021 02:04:30 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 69ms
40ms Script
application/javascript 142.250.186.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-672227654

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c9f561b5d76865246ee0cdbe40e84093766cb1ba5eb2aab8694d00568e6e66c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39167
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Sep 2021 02:04:29 GMT

GET
H2 200 cookieconsent.min.css
cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/ 4 KB
1 KB 8ms
7ms Stylesheet
text/css 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/cookieconsent.min.css

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5697bdf4d0c6463f169f852fd90a1d722f01fe07f5154a33259335dbe5806791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 9297
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 1220
etag: W/"100e-gRpRv7eni79UuhXRfgjn/KZ8H9g"
x-served-by: cache-fra19128-FRA, cache-hhn4062-HHN
x-jsd-version-type: branch
date: Wed, 29 Sep 2021 02:04:29 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 cookieconsent.min.js Show response
cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/ 22 KB
7 KB 9ms
8ms Script
application/javascript 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/cookieconsent.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

48efdd0fffa872b868edf778aec4cd1bc99afeb30ef2cbee16f762f44ce39bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 5635
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 7065
etag: W/"5610-2anIc8m8ei6LNpV9z2HnPgHXbeg"
x-served-by: cache-fra19134-FRA, cache-hhn4062-HHN
x-jsd-version-type: branch
date: Wed, 29 Sep 2021 02:04:29 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 beamer-embed.js Show response
app.getbeamer.com/js/ 78 KB
19 KB 106ms
36ms Script
application/javascript 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.getbeamer.com/js/beamer-embed.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JQNQC6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bb902bfbe8dea2ba325509916a406428e7fee302db67ca7325c441b624ad036

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4890
cf-polished: origSize=80409
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 28 Sep 2021 14:15:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yquYph5RQOKlzd4ocdE474quwEPZkNjyMWkiBzv1kpsDJMauRh8khCjwGB2g3BRJfhjyNWFVHVhbmk0A8O%2FPz5jT6mqfFlE24nskwLIF0kNTJ6Tu6Tjv29%2BoL6CtPIXrvI6H"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cf-ray: 6961a41d1e2a6553-LHR
cf-bgj: minify

GET
H2 200 analyzer.js Show response
dc.cux.io/ 80 KB
21 KB 142ms
44ms Script
application/javascript 46.105.201.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://dc.cux.io/analyzer.js
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.116 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 921bedcfb68b5ce3310cc4d74fdaed60f673194dee68e5dfdbccce283d6831fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 00:47:16 GMT
content-encoding: br
last-modified: Mon, 13 Sep 2021 20:36:37 GMT
x-cdn-pop-ip: 137.74.120.0/27
etag: "613fb655-14125"
x-cacheable: Matched cache
content-type: application/javascript
cache-control: max-age=7200
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 21291
x-request-id: 543327888

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/d82ca80e/ Frame E241 330 KB
45 KB 116ms
56ms Stylesheet
text/css 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

98246f79b1495fa4d547fc6bdff6a3de6cf8064d5cb9e5d877adee9171a7f99d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 04:53:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76263
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46472
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 28 Sep 2022 04:53:26 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/ Frame E241 201 KB
66 KB 114ms
55ms Script
text/javascript 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

045fd4ce57343257588e028026d314db88e7cc03aa84ec98ead1197bafe8c598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 17:15:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67318
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 28 Sep 2022 17:15:29 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame E241 2 MB
506 KB 134ms
75ms Script
text/javascript 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

8ac79395ad2c8c0efaf5a734544089eab4a8dce163f3b97f86d08921df5faafb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 01:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 347209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 518228
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 25 Sep 2022 01:37:40 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/d82ca80e/fetch-polyfill.vflset/ Frame E241 8 KB
3 KB 104ms
46ms Script
text/javascript 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 04:40:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77065
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 28 Sep 2022 04:40:04 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E241 15 KB
15 KB 103ms
62ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 09:07:47 GMT
x-content-type-options: nosniff
age: 61002
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Sep 2022 09:07:47 GMT

GET
H3 200 client.js Show response
client.crisp.chat/static/javascripts/ 384 KB
90 KB 73ms
50ms Script
application/javascript 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/client.js?5147960

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c56e9da103cef51354e475a6a3431f75f3ce750edbdeaa68eaa43c7de08c49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38010
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 15:29:30 GMT
server: cloudflare
etag: W/"613b79da-6014f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6961a41dffcbfaf6-DUS
access-control-allow-headers: Content-Type, Origin
expires: Sat, 27 Sep 2031 02:04:29 GMT

GET
H3 200 client_default.css
client.crisp.chat/static/stylesheets/ 328 KB
40 KB 48ms
28ms Stylesheet
text/css 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/stylesheets/client_default.css?5147960

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35fb10c43bbcac422e48e9f6f35465e2a20b3f49c4d70e52c97fab3909fb72bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38017
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 15:29:30 GMT
server: cloudflare
etag: W/"613b79da-5216e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6961a41dffc8faf6-DUS
access-control-allow-headers: Content-Type, Origin
expires: Sat, 27 Sep 2031 02:04:29 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 94 KB
37 KB 84ms
46ms Script
application/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-59XRP4S&t=gtm4&cid=1105668794.1632881070

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Google Tag Manager /

Resource Hash

059b026b3c39638a9338873cad632827df77e7f09698379c9b0bb452b327977a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38105
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Sep 2021 02:04:29 GMT

GET
H2 200 / Show response
8s3p7omfd6.execute-api.us-west-2.amazonaws.com/Production/ 34 B
252 B 611ms
250ms XHR
text/html 44.240.205.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://8s3p7omfd6.execute-api.us-west-2.amazonaws.com/Production/?reqdata=%7B%22location%22%3A%7B%22ancestorOrigins%22%3A%7B%7D%2C%22href%22%3A%22https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui%22%2C%22origin%22%3A%22https%3A%2F%2Fwww.getastra.com%22%2C%22protocol%22%3A%22https%3A%22%2C%22host%22%3A%22www.getastra.com%22%2C%22hostname%22%3A%22www.getastra.com%22%2C%22port%22%3A%22%22%2C%22pathname%22%3A%22%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui%22%2C%22search%22%3A%22%22%2C%22hash%22%3A%22%22%7D%2C%22domid%22%3A%225cb6ee645a914f99638b4572%22%2C%22device%22%3A%22desktop%22%7D&type=trackVisitorJourney
Requested by: Host: cdn.letconvert.com
URL: https://cdn.letconvert.com/js/main/0e9eadcc8ebabd45e01a31ac5abd41a8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.240.205.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-205-144.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: bccc360d018fbda432f547de40e03de4c4f5d37befce007f3c9802b76f8fc18f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 29 Sep 2021 02:04:30 GMT
x-amzn-requestid: c40e4ac5-d2c4-44c5-a8fa-e59768ccba6c
x-amz-apigw-id: GZxzQGgIvHcFzfw=
x-amzn-trace-id: Root=1-6153c9ae-29b7303702b12ad566ca2684;Sampled=0
content-length: 34
content-type: text/html;charset=utf-8

GET
H3 200 1463527970389398 Show response
connect.facebook.net/signals/config/ 490 KB
144 KB 352ms
334ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1463527970389398?v=2.9.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-frx5.fbcdn.net

Software

Resource Hash

0bc2aec1ed398028201e91e633934b280742841ccbee9f6aebf36567e3de2e3c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: ESaOhUPBuB3IQ9AsX7K1rJMzof1OpcG9TUjTP2Gv/ejhnNlsJnQE0Om4ge1krJukb7lSOROqrrzH/SfTeqOkdA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 29 Sep 2021 02:04:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 export Show response
app.convertful.com/api/widget/ 132 KB
15 KB 176ms
149ms XHR
application/json 104.26.1.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.convertful.com/api/widget/export?owner=4475&domain=www.getastra.com&subscriber_uid=null

Requested by

Host: app.convertful.com
URL: https://app.convertful.com/Convertful.js?owner=4475

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.1.112 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

765dbb0a7d8a1fc3cf52bccb6f1969d850e02565623fd20ccc15fdcb7157b0c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
etag: W/"7030f64f6733151945c79a4e01e04593ee81328c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l7nvcvDwkBoc3ly82lR1c4cyLQ%2FZhgra0OuhkkvAKhPVK87ggc4K1AYqoF7ZRcGRskvzh5Gijdkfpv%2FFEisVuc1i2%2FIVG7l9qDdAH122I5iAVkjhbZjuZ2Q5wq1mKKi2FszqTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.getastra.com
access-control-expose-headers: ETag
cache-control: private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6961a41ecc5965c8-LHR
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, ETag, If-None-Match, Cache-Control

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 100ms
41ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-672227654

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

3b843d8505c200af17cdbf0a534faf3a5e6d41e67068387787984470ea717c97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14160
x-xss-protection: 0
server: cafe
etag: 14207842493151788310
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:04:29 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame E241
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

60ms
31ms

XHR
application/json

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

67d1674a7fd9aea9a8dfe9a8151eaacfe43878d9a002756c11f5d3fb05b44e79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E241 29 B
424 B 85ms
23ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:00:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 265
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Wed, 29 Sep 2021 02:15:05 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 33ms
33ms XHR
text/plain 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2015467860&t=pageview&_s=1&dl=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui&ul=en-us&de=UTF-8&dt=Hacked%20wp-admin%20loads%20different%20UI%20%7C%20Astra%20Website%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEADRAAAAC~&jid=1442830829&gjid=179900027&cid=1105668794.1632881070&tid=UA-62532637-1&_gid=326233605.1632881070&_r=1&gtm=2wg9r05JQNQC6&z=1993720508

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.getastra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
client.crisp.chat/settings/website/b13579b1-ab47-49ee-b13a-d933e23722bc/prelude/ 78 B
493 B 104ms
104ms Script
application/javascript 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/b13579b1-ab47-49ee-b13a-d933e23722bc/prelude/?callback=window.%24crisp.__spool.website_handler&2021-8-29-2-4

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?5147960

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16616f5bcc366b8db59f45daa8ecc1e41501abab19e3330525f8ed0e400811e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: false
cf-ray: 6961a4204918faf6-DUS
access-control-allow-headers: Content-Type, Origin
expires: Wed, 29 Sep 2021 06:04:30 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame E241 95 KB
29 KB 27ms
26ms Script
text/javascript 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

62b97aca219dc9aa7b073a1871afc7e9af2f5beea5df283c94841f53a264042c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 01:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 347210
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29952
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 25 Sep 2022 01:37:40 GMT

GET
H2 200 _BTDBRqVZF82b0PNoURLX8_bnSCxvVrWrPBmJ3D7Rm0.js Show response
www.google.com/js/th/ Frame E241 35 KB
14 KB 82ms
24ms Script
text/javascript 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/_BTDBRqVZF82b0PNoURLX8_bnSCxvVrWrPBmJ3D7Rm0.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

fc14c3051a95645f366f43cda1444b5fcfdb9d20b1bd5ad6acf0662770fb466d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 05:11:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 593596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13242
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 22 Sep 2022 05:11:14 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/ Frame E241 25 KB
7 KB 24ms
24ms Script
text/javascript 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

sffe /

Resource Hash

5cf2d602e6a7b16bf2a0b1866e945e014d8d08ecb9603a36943b8da90499a96e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 01:39:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 347094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7358
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 00:00:24 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 25 Sep 2022 01:39:36 GMT

GET
DATA 200
OK truncated
/ Frame E241 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLTiwxFGTTfU3G26aSV0sbdxQRKCYcHcZeauXDDNGw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame E241 2 KB
3 KB 97ms
41ms Image
image/jpeg 142.250.184.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTiwxFGTTfU3G26aSV0sbdxQRKCYcHcZeauXDDNGw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f1.1e100.net

Software

fife /

Resource Hash

9ded054427d6ac35a16039ac5b9f95947b635ae5fe0e693f0582c9880529aef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2359
x-xss-protection: 0
server: fife
etag: "v140"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 08 Sep 2021 06:09:20 GMT

GET
H2 200 maxresdefault.webp
i.ytimg.com/vi_webp/ScFVHeKZD60/ Frame E241 28 KB
28 KB 88ms
35ms Image
image/webp 142.250.185.86
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/ScFVHeKZD60/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.86 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f22.1e100.net

Software

sffe /

Resource Hash

9420d072c58b435f94e2e387e30386fbb1da5d1c3640f1db94c89078a69d01f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28190
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 29 Sep 2021 04:04:30 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
464 B 68ms
22ms XHR
text/plain 108.177.15.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-62532637-1&cid=1105668794.1632881070&jid=1442830829&gjid=179900027&_gid=326233605.1632881070&_u=aGDACEACRAAAAC~&z=1238566445

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 29 Sep 2021 02:04:30 GMT
content-type: text/plain
access-control-allow-origin: https://www.getastra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/672227654/ 2 KB
1 KB 424ms
406ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/672227654/?random=1632881070249&cv=9&fst=1632881070249&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9r0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui&tiba=Hacked%20wp-admin%20loads%20different%20UI%20%7C%20Astra%20Website%20Security&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

5904a19511c330a1cc29436eeb3cc585196c98e282edcc5961324447bff166d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1117
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E241 4 KB
3 KB 78ms
28ms Script
text/javascript 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview"
expires: Wed, 29 Sep 2021 02:04:30 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
425 B 24ms
7ms Image
image/gif 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1463527970389398&ev=PageView&dl=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui&rl=&if=false&ts=1632881070351&cd[eventID]=event.PageView.216.131.111.41632881069527&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22683165172534708%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%221850534168422712%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1632881070349.1406718332&it=1632881069807&coo=false&rqm=GET

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-frx5.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 29 Sep 2021 02:04:30 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 89ms
36ms Image
image/gif 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-62532637-1&cid=1105668794.1632881070&jid=1442830829&_u=aGDACEACRAAAAC~&z=903777005

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 73ms
28ms Image
image/gif 216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-62532637-1&cid=1105668794.1632881070&jid=1442830829&_u=aGDACEACRAAAAC~&z=903777005

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.163 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame E241 0
9 B 25ms
24ms Image
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?TUi8YA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f14.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 initialize Show response
backend.getbeamer.com/ 410 B
908 B 210ms
139ms XHR
application/json 104.26.2.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://backend.getbeamer.com/initialize?product=VKmdxiII13240&domain=www.getastra.com&language=EN

Requested by

Host: app.getbeamer.com
URL: https://app.getbeamer.com/js/beamer-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.2.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

751ca5efa40972f8beffbf997b602ea8c26568efeb641057a002c37093e3a004

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 29 Sep 2021 00:03:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2BJMC0IfV5g4XWXQYoDhEOuzkLsTyhswQxhHPOjg6LCzVmzh7qkK%2FlDGVOFf1B16Fxlvp8XYOS8rw0jPURnk41Cd7W7gRf4l6t1IqC2keesINYKATEcr229C0xxPPWvOlMqm2yn0Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300, s-maxage=300
cf-ray: 6961a4232b4e4262-LHR

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/93/ Frame E241 52 KB
15 KB 55ms
22ms Script
text/javascript 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/93/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

66b3a50b1f61027459efda3192f4265a316f43a8d770a7135c956bea688fe4d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 16:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15346
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 17:05:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Wed, 29 Sep 2021 16:11:29 GMT

GET
H3 200 / Show response
client.crisp.chat/settings/website/b13579b1-ab47-49ee-b13a-d933e23722bc/ 30 KB
7 KB 28ms
28ms Script
application/javascript 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/b13579b1-ab47-49ee-b13a-d933e23722bc/?callback=window.%24crisp.__spool.website_handler&1632129406334

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?5147960

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f793a32803fbdb4538ada3f382a0c4ad5938fc4a8fd88db96b2d6e86582f907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: false
cf-ray: 6961a4233ae9faf6-DUS
access-control-allow-headers: Content-Type, Origin
expires: Wed, 29 Sep 2021 06:04:30 GMT

GET
H3 200 en.js Show response
client.crisp.chat/static/javascripts/locales/ 6 KB
3 KB 19ms
19ms Script
application/javascript 104.18.29.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/locales/en.js?5147960

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?5147960

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.29.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e6a02537662d902138b1d3d4a392a9c77f5db17f359e3c88bd5a68cf38d5f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37915
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 10 Sep 2021 15:29:30 GMT
server: cloudflare
etag: W/"613b79da-1822"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6961a4237b00faf6-DUS
access-control-allow-headers: Content-Type, Origin
expires: Sat, 27 Sep 2031 02:04:30 GMT

GET
DATA 200
OK truncated
/ 881 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 /
www.google.com/pagead/1p-user-list/672227654/ 42 B
64 B 36ms
35ms Image
image/gif 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/672227654/?random=1632881070249&cv=9&fst=1632880800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9r0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui&tiba=Hacked%20wp-admin%20loads%20different%20UI%20%7C%20Astra%20Website%20Security&async=1&fmt=3&is_vtc=1&random=2409186056&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/672227654/ 42 B
64 B 48ms
26ms Image
image/gif 216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/672227654/?random=1632881070249&cv=9&fst=1632880800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9r0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui&tiba=Hacked%20wp-admin%20loads%20different%20UI%20%7C%20Astra%20Website%20Security&async=1&fmt=3&is_vtc=1&random=2409186056&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.163 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 beamer-embed.css
app.getbeamer.com/styles/ 15 KB
4 KB 49ms
26ms Stylesheet
text/css 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.getbeamer.com/styles/beamer-embed.css

Requested by

Host: app.getbeamer.com
URL: https://app.getbeamer.com/js/beamer-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9a7779955cbdec06f427bac1a16cf875d1ed2141b84b6edeae3d98a281b4725

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4886
cf-polished: origSize=15694
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 28 Sep 2021 14:15:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpZIH5ZLKC9jCU4utK6KC4TWyLFxWyoSi6Mi%2FsiBNOKVDjd6DFkHlXCkQJZ%2F2uZbJ4e2zRZEuZkrLLdC5pKaWHnjBoUuEoeHHy7SkeZJoBCXjgGQPYsvxuMHxVZrh9ZGGjgX"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=utf-8
cf-ray: 6961a424399b5415-LHR
cf-bgj: minify

GET
H3 200 numberFeatures Show response
backend.getbeamer.com/ 49 B
698 B 200ms
176ms XHR
application/json 104.26.2.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://backend.getbeamer.com/numberFeatures?url=www.getastra.com&product=VKmdxiII13240&v=1&language=EN&user_id=f6fad25a-66f5-418c-a990-f4afeb648f25

Requested by

Host: app.getbeamer.com
URL: https://app.getbeamer.com/js/beamer-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.2.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f467a1880d280f5e10e0a1d3ac87150f866fd3fd118338e9fbf64ffac781da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 29 Sep 2021 02:04:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUODCAGiFXNKo0t45iBN%2BKxxmYM30AZRS0TkOkZDIGs93eh8Il0C8wS3Gyo%2BbxBZbZJpkNsHuWKounlVpLgWcQ2ZdnEIb2qYG0BwYjsLN%2FN2iqMfYQ0EXIBSg6t%2F73bKJ%2BUeLZOgFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800
cf-ray: 6961a4243d3adbdf-LHR

GET
H2 200 SecurityPoweredByAstra.png
cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/ 3 KB
3 KB 7ms
6ms Image
image/png 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/gh/ga-delivr/cookie-consent@latest/SecurityPoweredByAstra.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e1f25fe89b20305f5203a78b764eaa596083e081de1af678c81003e25ba5ca94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 21068
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 2944
etag: W/"b80-0thswSVu97e2w3OIOPSvVwXBGvM"
x-served-by: cache-fra19149-FRA, cache-hhn4062-HHN
x-jsd-version-type: branch
date: Wed, 29 Sep 2021 02:04:30 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H3 204 mod_pagespeed_beacon Show response
www.getastra.com/ 0
576 B 199ms
198ms XHR
text/plain 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.getastra.com/mod_pagespeed_beacon?url=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh; _ga=GA1.2.1105668794.1632881070; _gid=GA1.2.326233605.1632881070; conv_person={"$visitNum":1,"$fvDate":1632881069}; _gcl_au=1.1.39033347.1632881070; _gat_UA-62532637-1=1; conv_geoip=216.131.111.4,113021,113262,113263; conv_session={"start":1632881069,"shown":[],"startUrl":"https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui","referrer":"","expires":1632882870,"isNew":false,"pageViews":1,"ab":[27061,29670,31031]}; _fbp=fb.1.1632881070349.1406718332; LTCNVRT_VISITOR_ID=fe70f46b0b41c63b79a1af6d75a8b07f; crisp-client%2Fsession%2Fb13579b1-ab47-49ee-b13a-d933e23722bc=session_cb7c2d35-3191-4b57-b6c7-e57f3f8330c3; _BEAMER_USER_ID_VKmdxiII13240=f6fad25a-66f5-418c-a990-f4afeb648f25; _BEAMER_FIRST_VISIT_VKmdxiII13240=2021-09-29T02:04:30.724Z
content-length: 61
:path: /mod_pagespeed_beacon?url=https%3A%2F%2Fwww.getastra.com%2Fe%2Fmalware%2Finfections%2Fwordpress-security-hacked-wp-admin-loads-different-ui
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 29 Sep 2021 02:04:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=df6%2BtdbiawV8XlRvCCJadRXaJRaWqbDsh7DKZl0tVyaZG0rHAs7VxbVzq8tCOiQoHgcBN3asaBFCnaCK0cmIbgDUkGWww4%2FCrg9DbpKp7Lv6nQm7BPSGtQ5S6Q%2F1NWw4NFZ3"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache
content-security-policy: upgrade-insecure-requests;
strict-transport-security: max-age=2592000
cf-ray: 6961a4247b76403d-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8783 0
18 B 16ms
8ms Document
text/plain 185.60.216.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-frx5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 2254
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: null
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
cookie: fr=07CkCL65CRSbj1TGG..BhU8mu...1.0.BhU8mu.
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/plain
access-control-allow-origin: null
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
date: Wed, 29 Sep 2021 02:04:30 GMT

GET
H3 200 bell-full.svg
app.getbeamer.com/images/ 929 B
1 KB 29ms
28ms Image
image/svg+xml 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.getbeamer.com/images/bell-full.svg

Requested by

Host: app.getbeamer.com
URL: https://app.getbeamer.com/styles/beamer-embed.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1e87c0d4c679825d45f0eec702cf539c90ddd1af7eaacdfe074f43846cc7c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.getbeamer.com/styles/beamer-embed.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray: 6961a4255a245415-LHR
date: Wed, 29 Sep 2021 02:04:30 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 14:15:40 GMT
server: cloudflare
age: 4870
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42BJDB%2BIQjsUARkQ3LsNKsunymrytEg1qbz9Xg72yBKRQ%2BVhTtvscSbeKxYVtFylGYOtWCxo7lnmb2sVKGMbVzqr%2F7pNtZbDoCMKsGJ4gMGpEyTr5QIVmrSUPJ3tGWMrSW%2FD"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 utilities Show response
whatsnew.getastra.com/ Frame B1DD 600 B
413 B 438ms
115ms Document
text/html 35.207.24.13
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://whatsnew.getastra.com/utilities?app_id=VKmdxiII13240
Requested by: Host: app.getbeamer.com
URL: https://app.getbeamer.com/js/beamer-embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.207.24.13 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 13.24.207.35.bc.googleusercontent.com
Software: /
Resource Hash: f499697a47319a1453429271a4d67166300442ad7c057e44a3d67e221783268c

Request headers

:method: GET
:authority: whatsnew.getastra.com
:scheme: https
:path: /utilities?app_id=VKmdxiII13240
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
cookie: _ga=GA1.2.1105668794.1632881070; _gid=GA1.2.326233605.1632881070; _gcl_au=1.1.39033347.1632881070; _gat_UA-62532637-1=1; _fbp=fb.1.1632881070349.1406718332; crisp-client%2Fsession%2Fb13579b1-ab47-49ee-b13a-d933e23722bc=session_cb7c2d35-3191-4b57-b6c7-e57f3f8330c3; _BEAMER_USER_ID_VKmdxiII13240=f6fad25a-66f5-418c-a990-f4afeb648f25; _BEAMER_FIRST_VISIT_VKmdxiII13240=2021-09-29T02:04:30.724Z; _BEAMER_FILTER_BY_URL_VKmdxiII13240=false
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Sep 2021 13:52:09 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
cache-control: public, max-age=86400
content-length: 283
age: 43942

GET
H2 200 favico.js Show response
static.getbeamer.com/ 9 KB
4 KB 52ms
29ms Script
text/javascript 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.getbeamer.com/favico.js

Requested by

Host: app.getbeamer.com
URL: https://app.getbeamer.com/js/beamer-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2de0a175959463ba0645154ce17d43e756d8b100b77e69b6626ba728fabf374b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash: crc32c=8qYgtA==, md5=PsdC4FOmHT5YLwNPMX1qSQ==
date: Wed, 29 Sep 2021 02:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1261
cf-polished: origSize=9033
x-guploader-uploadid: ADPycdt4WJIFwor100FM0ygDR3X9UMulRGCXptcc_BML17UkIoOeynY7xFXTrwDETUFDNebpP4BvYf-fNzGeGBmhLGfCLASMhQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 29 Sep 2021 02:43:28 GMT
last-modified: Tue, 16 Jun 2020 17:18:54 GMT
server: cloudflare
etag: W/"3ec742e053a61d3e582f034f317d6a49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5u3q%2FRLkCSz5FoJ2EnG3BcQhzXthYMOvu9dBFkRCTIxsm%2FN6X1H8bldkMbIE0HXNgZD93ODvnkPRO4KfVzo4cm4EigfcVlDoxkahVhny0QEdC0HWoiLXIML8iyVnefFHFDywBlmJ"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1592327934651350
access-control-allow-origin: *
content-type: text/javascript
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 9033
cf-ray: 6961a4258c376553-LHR
cf-bgj: minify

GET
H3 200 xfavicon.png.pagespeed.ic.gnFGP8HKaj.webp
www.getastra.com/assets/images/ 300 B
1015 B 26ms
26ms Image
image/webp 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.getastra.com/assets/images/xfavicon.png.pagespeed.ic.gnFGP8HKaj.webp

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95ce2da31c4891f1925d15c617aceee98f8dd5fefe2caf5845ba17d1f83838e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://www.getastra.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: image
cookie: cz_astra_csrf_cookie=ceffb352f96fcc616abf69ef8c27dc24; ci_session=vm5s9junk3vel9e27d3k6qiv6mvduvrh; _ga=GA1.2.1105668794.1632881070; _gid=GA1.2.326233605.1632881070; conv_person={"$visitNum":1,"$fvDate":1632881069}; _gcl_au=1.1.39033347.1632881070; _gat_UA-62532637-1=1; conv_geoip=216.131.111.4,113021,113262,113263; conv_session={"start":1632881069,"shown":[],"startUrl":"https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui","referrer":"","expires":1632882870,"isNew":false,"pageViews":1,"ab":[27061,29670,31031]}; _fbp=fb.1.1632881070349.1406718332; LTCNVRT_VISITOR_ID=fe70f46b0b41c63b79a1af6d75a8b07f; crisp-client%2Fsession%2Fb13579b1-ab47-49ee-b13a-d933e23722bc=session_cb7c2d35-3191-4b57-b6c7-e57f3f8330c3; _BEAMER_USER_ID_VKmdxiII13240=f6fad25a-66f5-418c-a990-f4afeb648f25; _BEAMER_FIRST_VISIT_VKmdxiII13240=2021-09-29T02:04:30.724Z; _BEAMER_FILTER_BY_URL_VKmdxiII13240=false
:path: /assets/images/xfavicon.png.pagespeed.ic.gnFGP8HKaj.webp
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.getastra.com
referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Origin: https://www.getastra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-original-content-length: 760
age: 182377
strict-transport-security: max-age=2592000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 26 Aug 2021 00:09:11 GMT
server: cloudflare
etag: W/"0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6VaVMOGJHhgnTXOKfKJasl4gzPAEwO4CcVqs7bKKDc%2B9p%2FFLsAgYxcx8pagLISHWqpCo2iNixQf2GFtzpnaOfU%2FOPlb%2BhC7xzttFXTsRY9MFinGfhKM9Lynt0NheGzIFHvH"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=31536000
cf-ray: 6961a425bc3f403d-CDG
link: <https://www.getastra.com/assets/images/favicon.png>; rel="canonical"
expires: Fri, 26 Aug 2022 00:09:11 GMT

GET
H3 200 cookieSetter.js Show response
app.getbeamer.com/js/ Frame B1DD 774 B
1 KB 26ms
25ms Script
application/javascript 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.getbeamer.com/js/cookieSetter.js

Requested by

Host: whatsnew.getastra.com
URL: https://whatsnew.getastra.com/utilities?app_id=VKmdxiII13240

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e76a248218d1eb86d8b40c031bbb973839712fd52c0ff1436e9c22642ed63646

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://whatsnew.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:31 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4877
cf-polished: origSize=775
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 28 Sep 2021 14:15:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRXu7%2B%2BhF3zeB1loHtp%2BBx6FNiNBqrlxpcN8YHVkOqmiZ7s%2Bl3BYCv4xaw0zUsiiygvAefRVg1R21hW6ksVY1nSVkglfY%2F%2F44fD%2BtOl9rtKIO3GWwnEM%2B0IxALUmWwHm4r68"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cf-ray: 6961a4288bcf5415-LHR
cf-bgj: minify

GET
H2 200 socket.io.min.js Show response
realtime.getbeamer.com/socket.io/ Frame B1DD 60 KB
15 KB 51ms
28ms Script
application/javascript 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://realtime.getbeamer.com/socket.io/socket.io.min.js

Requested by

Host: whatsnew.getastra.com
URL: https://whatsnew.getastra.com/utilities?app_id=VKmdxiII13240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c39ac29a79d395e21859f5670c767786815a735c234ca6801d5ba5d18f1d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://whatsnew.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:31 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4891
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
x-sourcemap: socket.io.min.js.map
etag: W/"3.1.0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ssxrF8lEtb%2BTFexGui4%2F63SNwoXkVPX72vd38QXO%2F9M5FbRNdbbNH3IU1Ys7nhBzVCha70y80IbBYeP%2BgG0rOpQg3tudbOk4ibW7t9wyPdJXI1mRa1TP9hl07wtsy2%2BqaKh%2BBJGrBY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400
cf-ray: 6961a428be3c6553-LHR

GET
H3 200 socketUtils.js Show response
app.getbeamer.com/js/ Frame B1DD 2 KB
2 KB 24ms
24ms Script
application/javascript 104.26.3.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.getbeamer.com/js/socketUtils.js?v=2

Requested by

Host: whatsnew.getastra.com
URL: https://whatsnew.getastra.com/utilities?app_id=VKmdxiII13240

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.3.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

772eeff230305742b78fdf87112c9283593a62c23a483afac471dc4cf4dd618c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://whatsnew.getastra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:31 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4891
cf-polished: origSize=2226
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 28 Sep 2021 14:15:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQdtKGILL63aHx7RvNR5xBXLREsGiiGa6dUGVf7%2F9M%2B85wnGG2FNEdHv7i2AByx0AnZtoeSaq8iPu5fZAa8b%2BHQTi5uXxEaIWOavSsu1OW3D2udMCIIcqKFIGjetI%2BuiCTlk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cf-ray: 6961a4288bd05415-LHR
cf-bgj: minify

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E241 28 B
54 B 41ms
40ms XHR
application/json 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/d82ca80e/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ScFVHeKZD60?rel=0&controls=1&showinfo=0
X-YouTube-Client-Version: 1.20210922.1.1
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtDSUZqNkpZVVJDUSitk8-KBg%3D%3D
X-YouTube-Ad-Signals: dt=1632881069946&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java&u_nplug=3&u_nmime=4&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C846%2C477&vis=1&wgl=true&ca_type=image&bid=ANyPxKoEMN7Y6aAm27bwxMN4QAAACrv9_BerICFJd5nQSXZSCmEHI1FfoWjkV3u83tPMn1GcSFg93jyKBhIaUPP4rD5OaripuA

Response headers

date: Wed, 29 Sep 2021 02:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 29 Sep 2021 02:04:32 GMT

GET
H2 200 110 Show response
dash.getastra.com/seal/draw/qEmJ5EdfzT16/ Frame 3306 4 KB
5 KB 230ms
207ms Document
text/html 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110

Requested by

Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a4201ed6221579396e95195b7901d487ee8e9fe4778022027332668aca085d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: dash.getastra.com
:scheme: https
:path: /seal/draw/qEmJ5EdfzT16/110
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
cookie: _ga=GA1.2.1105668794.1632881070; _gid=GA1.2.326233605.1632881070; _gcl_au=1.1.39033347.1632881070; _gat_UA-62532637-1=1; _fbp=fb.1.1632881070349.1406718332; crisp-client%2Fsession%2Fb13579b1-ab47-49ee-b13a-d933e23722bc=session_cb7c2d35-3191-4b57-b6c7-e57f3f8330c3; _BEAMER_USER_ID_VKmdxiII13240=f6fad25a-66f5-418c-a990-f4afeb648f25; _BEAMER_FIRST_VISIT_VKmdxiII13240=2021-09-29T02:04:30.724Z; _BEAMER_FILTER_BY_URL_VKmdxiII13240=false
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 29 Sep 2021 02:04:34 GMT
content-type: text/html; charset=UTF-8
set-cookie: csrf_cz_cld=9ce6ebdf5cd4341ffaa0ad721b587137; expires=Wed, 29-Sep-2021 02:24:34 GMT; Max-Age=1200; path=/ cz_astra_v2=1%2B1pM657YTyv9tehBMSj28N4lNQ%2BlmU9cFTBknl8HfVAoyjFCQ644%2FMzLL%2Fra%2BuaUZUt3OCSMrqOIf5lIcPXNs2ijtw%2F%2BNyZ8vmifbaiz%2FgMKSK%2FYbOgn9Hs4GYtGmePkSRD2fahyqV3G549YZkcW0WQ01ejPKG9rQhemjFkbImei9DDzH%2FARyn9qAOZ9sCzM5F2f%2FBavS99EA0Vj3I1pIgpkhQ88%2FvWsAhKcFErCmMF9ZLgS2Tx%2Fsxj3UCCiuQVjOdV3K4e%2B3bbucJr7%2FNKwTUypa%2BlDPngYC1GKRKrO4frrm2oG172O%2FQnNVezso8xC2%2FcQnLLtRhXGpvdnSpnedeAy%2FTGw98LoqdTnO7CSZv1AfKEGdT5bPnkOAUDxLwE30lnYvT6Nu9xXLDs%2FZBYhuwnw1StYKFEq3isr%2FtKFsxOroBNuBs1S3lPE%2B7eI5PP1g5PZUOP6uag%2FKLc9C%2Fbbg%3D%3Daa80c672ccfe94226fc72da5772f930edb7f1372; path=/ cz_astra_v2=O2SBe6aK4eku6EF909axp7sN24Qbzy83wsVRDthu2xLplB8r8pvhaoV%2BQu4su89q7JX4dnYDbeyqfKMr2ng6FuCAEZZVuPy5i1alueSoZYYXYwlXL38L9m3I6oOm9VzPLx0W%2BGgQHQ2EGFbSQtNy8GIMs64TC7novaRXpmzLYFPIhdX0YFEoDY6u6bjuiyPKf4FHlKf9o6co%2BO50KsyLmggvu7Ag7TEkXYXpbxvoJL6hblR1cFeS1bjpXIYBKeY6OJdlwAdBS87a9mDO%2FAvcjBTICNBu%2Bff4EluLRTPG4L9ep2bB2fg4n7TQBbb%2BN8EtLLskk3QzRd7ledxPU2rs8FWmvYdqKWEfVMH13Qd6uSH89R2wKLA27bUJKLnvOewmMyeggpX4PJ5o0Pk2KX5GP643HOAXTzlBj3bGAaM7Ad0TqUvoY0KYa9qBzNvtH2ZZJOQtXpLZJ34iF5vS67H3uMc44swCqBsbHH7zSYrc7p%2Ffi5%2FFqPHCV1Y8KoCl23we9e7a68e63d7165091cbbee4dae65b65198bb079a; path=/ cz_astra_v2=%2BQQnfEedZeRW4T6WiPCgfMz7dsHJD06sDfNp8c%2FcD4KW14wezd82EEAh0o%2BPDD%2FJFH9DWktZhWUsbn4%2B8Yr2mMhe7GayiqydVAUNAacqlglFpojvqtLDjA7%2F3owqXA%2Bl5aHaCjYycJpe9kIHZ2dSNi6C3pxeTduek42NlTtOispCDfVIvG8Cy7aVfgOgIYyMNIWrNmrwnYg%2F0cgmtBPF9ZhT3FItciQrY%2BHSDgJ2ZgDIZQktZcb685SHCzNXhpZVEKFEzFsgKYAy1H47dEQ%2BSnBu7Pz5r2yhNFg3agdJXR75WUcF3QirjEvJXPyTDFt%2F9WBmqT9Mdnf9NFRMitTC8Qm6vdPmAIGeMXI98muSZ2iuqiQhKrz8vm3KXb8pHBNYXz%2B1a0Oc%2F4dze0I%2B9qMWL4Q8r6G%2BoXFSZnmh44VJ8Yk%2FKAKHkgKzYbR4r3BJgPA71Mh8GHX%2BU45Io2yLquCGkaEn%2FnsYpuA%2F%2FPKTg80hNoUH4n3vdTqctmOD3MqSGMrg67c428209a401e5c2be7e88abb0ad22580af9983; path=/
x-mod-pagespeed: 1.13.35.2-0
vary: Accept-Encoding
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FPmESeS9eazpM3qmPYTfBCePUuQA2mdFbr3%2BQarRC3NdpKryFFUf86n5uLNpSmH8yYXdW9vurtDJ%2FCxN42DfjPlbqP2fEDYG%2FQN9g8re8Teeoxn7GegVnC2PVhAJyyRMtptKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6961a43c08a43a35-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK track.js Show response
serve.albacross.com/ 10 KB
5 KB 293ms
7ms Script
application/javascript 52.222.236.80

General

Check archive.org

Show headers Download Go to

Full URL: https://serve.albacross.com/track.js
Requested by: Host: www.getastra.com
URL: https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.80 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 38fbe56978cc73ba5a5f8c85b360f71aca125c2cd850a3cd6c3683385e388702

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 29 Sep 2021 02:03:01 GMT
Content-Encoding: gzip
Age: 94
Transfer-Encoding: chunked
X-Edge-Origin-Shield-Skipped: 0
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 13:13:21 GMT
Server: AmazonS3
ETag: W/"b769e9b4f23be6c9bab7c715fdf2526a"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 ce765e91525a836efb6bc0a409334a5f.cloudfront.net (CloudFront)
Cache-Control: max-age=120
X-Amz-Cf-Pop: FRA56-P4
X-Amz-Cf-Id: WBhwmn_Q7LCgWPNIKuFU8gYw6J2_4OchksWiWz1UtXdXHTE_W4dK1g==

GET
H3 200 jSscO-IEdbgOmqabm4JqEfVEIAc.js Show response
dash.getastra.com/cdn-cgi/apps/head/ Frame 3306 7 KB
3 KB 31ms
31ms Script
application/javascript 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dash.getastra.com/cdn-cgi/apps/head/jSscO-IEdbgOmqabm4JqEfVEIAc.js

Requested by

Host: dash.getastra.com
URL: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd71a9264f56c0d43f3122826b3c21ee9b41157fc7065d5acba749a045d28802

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2945525
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: REHB1BAHKE82VQ39
x-amz-id-2: KaHoDLl9SMHiRS8EV+9GR7aSPOazYOnnr6D4WbUMTERXGuhE3Bi9vA4twp58aoRViUqiWoILDaI=
last-modified: Thu, 19 Aug 2021 13:00:22 GMT
server: cloudflare
etag: W/"b89917619835640b33426f5fad66fd5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iudTVsGaTHJIQm4W6gcmROfqkQ8rewulqZI2TIsYjmLJtp%2BvG%2B651IEoIKJCev0%2BO1puy8IE%2F9YuNyvREDQobMrwXGt9GnnkbW08XFkn1eV%2BBdmSWsYS%2F6c3fjTbAteHrwT4bw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: abxbh0KptqvM3rNdnSvV2t_podgV3Fmo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6961a43dedba403d-CDG

GET
H3 200 xastra-seal-v3-back.png.pagespeed.ic.m6LzNA9m8a.webp
dash.getastra.com/assets/seal/ Frame 3306 2 KB
2 KB 23ms
23ms Image
image/webp 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dash.getastra.com/assets/seal/xastra-seal-v3-back.png.pagespeed.ic.m6LzNA9m8a.webp

Requested by

Host: dash.getastra.com
URL: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24f753d4174315d26cce93e771d6457a7c4f72df58eb3bc73ea79ad7e2352f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-original-content-length: 24864
age: 2944224
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-length: 1552
last-modified: Wed, 25 Aug 2021 23:51:45 GMT
server: cloudflare
etag: W/"0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9m%2F1gWJ%2FGy7kAu3ka9h327okbjZdn0tzlpNpZuB331NmhTwpT1F4MYJcihMwILTAtfndO%2BSDyKPedTaXZhCpUdwPGHJ%2BJ0r17Wnk8ptIkQ6M6PuTEIXosO%2BkzMu9SxIWf7s3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6961a43dedbf403d-CDG
link: <https://dash.getastra.com/assets/seal/astra-seal-v3-back.png>; rel="canonical"
expires: Thu, 25 Aug 2022 23:51:45 GMT

GET
H3 200 HDBaI3TEfOa-RZ1-tgLDoxABaUE.js Show response
dash.getastra.com/cdn-cgi/apps/body/ Frame 3306 33 KB
12 KB 24ms
24ms Script
application/javascript 172.67.166.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dash.getastra.com/cdn-cgi/apps/body/HDBaI3TEfOa-RZ1-tgLDoxABaUE.js

Requested by

Host: dash.getastra.com
URL: https://dash.getastra.com/cdn-cgi/apps/head/jSscO-IEdbgOmqabm4JqEfVEIAc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.136 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7cd3e4c127daccac292779eae92b1b8b644772efb0bcdf4ced7ef7a73a8286b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dash.getastra.com/seal/draw/qEmJ5EdfzT16/110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 02:04:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2945520
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: ZPRFF1YVWKC4FF7F
x-amz-id-2: 61gOqQFmVwFSMPrCAG+A5hzHqWIDt8mE4yddWGiRv5GmGJZJHnibI4gb4khdAhNUX9FoeW8mZnQ=
last-modified: Thu, 19 Aug 2021 13:00:21 GMT
server: cloudflare
etag: W/"5cdb6552f6a72755b9c180c02d8ed6cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vldVljbR63V6tv1x8Wm4DyNvoIE5ryuePKBU%2F%2FKh%2FZcx6cp7awmGFb4ZaL5VtqesuKT%2BHOYfKB%2FNz8lNUWbckJlY4m9RlGueI9yEr6p%2Fr8pWXsJwBUUINPOhyOj3n%2FLW2ODETA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: f12jJHZOrYUnDei4A1SCtU_DfS8Xd8bL
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6961a43e1de5403d-CDG

GET
DATA 200
OK truncated
/ Frame 3306 2 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c53cf862125379af4f415d0faae379166d55e0d4b0fb82bad41caf8426453ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ Frame 3306 3 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.getastra.com/	1970-01-19 21:34:48	Name: cz_astra_csrf_cookie Value: ceffb352f96fcc616abf69ef8c27dc24
www.getastra.com/	1970-01-19 21:34:48	Name: ci_session Value: vm5s9junk3vel9e27d3k6qiv6mvduvrh
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 40jJb7mf8Lc
.youtube.com/	1970-01-20 01:53:53	Name: VISITOR_INFO1_LIVE Value: CIFj6JYURCQ
.getastra.com/	1970-01-20 15:05:53	Name: _ga Value: GA1.2.1105668794.1632881070
.getastra.com/	1970-01-19 21:36:07	Name: _gid Value: GA1.2.326233605.1632881070
www.getastra.com/	1970-01-20 15:05:53	Name: conv_person Value: {"$visitNum":1,"$fvDate":1632881069}
.getastra.com/	1970-01-19 23:44:17	Name: _gcl_au Value: 1.1.39033347.1632881070
app.convertful.com/	1969-12-31 23:59:59	Name: session Value: i73vm6md7mcutenlc921n2oam4
app.convertful.com/	1970-01-19 21:34:42	Name: site_6090_session_id Value: edbd0213413040bd225e3bfb280efc250904aa28~6090
.getastra.com/	1970-01-19 21:34:41	Name: _gat_UA-62532637-1 Value: 1
www.getastra.com/	1969-12-31 23:59:59	Name: conv_geoip Value: 216.131.111.4,113021,113262,113263
www.getastra.com/	1970-01-20 15:05:53	Name: conv_session Value: {"start":1632881069,"shown":[],"startUrl":"https://www.getastra.com/e/malware/infections/wordpress-security-hacked-wp-admin-loads-different-ui","referrer":"","expires":1632882870,"isNew":false,"pageViews":1,"ab":[27061,29670,31031]}
.getastra.com/	1970-01-19 23:44:17	Name: _fbp Value: fb.1.1632881070349.1406718332
.facebook.com/	1970-01-19 23:44:17	Name: fr Value: 07CkCL65CRSbj1TGG..BhU8mu...1.0.BhU8mu.
www.getastra.com/	1970-01-19 21:56:17	Name: LTCNVRT_VISITOR_ID Value: fe70f46b0b41c63b79a1af6d75a8b07f
.getastra.com/	1970-01-20 01:57:29	Name: crisp-client%2Fsession%2Fb13579b1-ab47-49ee-b13a-d933e23722bc Value: session_cb7c2d35-3191-4b57-b6c7-e57f3f8330c3
.doubleclick.net/	1970-01-20 06:56:17	Name: IDE Value: AHWqTUmnbKPKlFjoYwlLBxuprCVwcbwq52L_STUicKxFP1HK-XYDWSoTjsHZwJQ3
.getastra.com/	1970-01-20 04:46:41	Name: _BEAMER_USER_ID_VKmdxiII13240 Value: f6fad25a-66f5-418c-a990-f4afeb648f25
.getastra.com/	1970-01-20 04:46:41	Name: _BEAMER_FIRST_VISIT_VKmdxiII13240 Value: 2021-09-29T02:04:30.724Z
.getastra.com/	1970-01-19 21:34:42	Name: _BEAMER_FILTER_BY_URL_VKmdxiII13240 Value: false
whatsnew.getastra.com/	1970-01-20 04:46:41	Name: _BEAMER_USER_ID_VKmdxiII13240 Value: f6fad25a-66f5-418c-a990-f4afeb648f25

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e4e5258be89044117a2bc28_hf.svg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a4421f2ca0326994c1ef6_299722.png Message: Failed to load resource: the server responded with a status of 403 ()
deprecation	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.0/jquery.min.js(Line 3) Message: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e4e525a47c62011672f1121_ghc.svg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a44217b761b2663556f63_299753.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a44210a14ec605636228d_299786.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://uploads-ssl.webflow.com/5dc26be7acd63f5a7106c2b4/5e7a441f94560d6fc2906a62_299702.png Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8s3p7omfd6.execute-api.us-west-2.amazonaws.com
ajax.googleapis.com
api.getastra.com
app.convertful.com
app.getbeamer.com
backend.getbeamer.com
cdn.jsdelivr.net
cdn.letconvert.com
cdnjs.cloudflare.com
client.crisp.chat
connect.facebook.net
dash.getastra.com
dc.cux.io
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.imgur.com
i.ytimg.com
instant.page
ipapi.co
realtime.getbeamer.com
script.tapfiliate.com
serve.albacross.com
static.doubleclick.net
static.getbeamer.com
stats.g.doubleclick.net
uploads-ssl.webflow.com
whatsnew.getastra.com
www.facebook.com
www.getastra.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
104.16.19.94
104.17.10.26
104.18.29.91
104.21.66.247
104.26.1.112
104.26.2.186
104.26.3.186
108.177.15.154
13.32.121.127
142.250.181.227
142.250.184.225
142.250.185.202
142.250.185.206
142.250.185.66
142.250.185.68
142.250.185.74
142.250.185.86
142.250.186.166
142.250.186.168
142.250.186.66
142.250.186.78
151.101.12.193
151.101.65.229
172.67.166.136
172.67.69.226
18.66.112.117
18.66.122.38
185.60.216.19
185.60.216.35
216.58.212.163
35.207.24.13
44.240.205.144
46.105.201.116
52.222.236.80
045fd4ce57343257588e028026d314db88e7cc03aa84ec98ead1197bafe8c598
059b026b3c39638a9338873cad632827df77e7f09698379c9b0bb452b327977a
0bc2aec1ed398028201e91e633934b280742841ccbee9f6aebf36567e3de2e3c
0dec0173dde5da3c461a6ab299b786e6e95ff0ab31a8952c8fb4698479bc8167
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14c56e9da103cef51354e475a6a3431f75f3ce750edbdeaa68eaa43c7de08c49
16616f5bcc366b8db59f45daa8ecc1e41501abab19e3330525f8ed0e400811e5
1c0bd7613f38fc5ba7da3d0edfb2acefbf309df478c3c69119d2c4e9d5665805
1d275921adca68568ba61ebf050aebc9c31aead0870d54d8607f3c9b24573950
1e6a02537662d902138b1d3d4a392a9c77f5db17f359e3c88bd5a68cf38d5f2d
1f467a1880d280f5e10e0a1d3ac87150f866fd3fd118338e9fbf64ffac781da2
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2c89399e7b68f026fc9071b43d3f00940b09fe77b1510b0c8abbb27e609955f4
2de0a175959463ba0645154ce17d43e756d8b100b77e69b6626ba728fabf374b
35fb10c43bbcac422e48e9f6f35465e2a20b3f49c4d70e52c97fab3909fb72bb
38fbe56978cc73ba5a5f8c85b360f71aca125c2cd850a3cd6c3683385e388702
3a090a7422999f24c113ae123ca7b9b9f51a4ee590e22d2a60f3f25f03a464cd
3b843d8505c200af17cdbf0a534faf3a5e6d41e67068387787984470ea717c97
3c53cf862125379af4f415d0faae379166d55e0d4b0fb82bad41caf8426453ad
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
475d5877118470a57e6861b9518b12befcbc3fe202a3cc291dc213eedec53425
48efdd0fffa872b868edf778aec4cd1bc99afeb30ef2cbee16f762f44ce39bb8
4b5e988359c30afd1d84b7a5118296f1fc33f4527d530b096ca27aa7fbfef99a
4f2721fcaed5436f55432318b274d1542e96753b56c6ec6cdbd1c0fdd46bc66d
52c39ac29a79d395e21859f5670c767786815a735c234ca6801d5ba5d18f1d71
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
5697bdf4d0c6463f169f852fd90a1d722f01fe07f5154a33259335dbe5806791
589ee9b72c357818cdabb776e5b811d7a176fa6afe046bb00c3194826e3e6ce4
5904a19511c330a1cc29436eeb3cc585196c98e282edcc5961324447bff166d9
5cf2d602e6a7b16bf2a0b1866e945e014d8d08ecb9603a36943b8da90499a96e
5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf
5f793a32803fbdb4538ada3f382a0c4ad5938fc4a8fd88db96b2d6e86582f907
62b97aca219dc9aa7b073a1871afc7e9af2f5beea5df283c94841f53a264042c
66b3a50b1f61027459efda3192f4265a316f43a8d770a7135c956bea688fe4d8
67d1674a7fd9aea9a8dfe9a8151eaacfe43878d9a002756c11f5d3fb05b44e79
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6d5d82a85ace762f6478baf666e059daab9861bed98da094ec6102a3aa35a3fd
6ee29eaed3e7871ec26a9015448275754abd192c89d0dd72ca1454451eee9d58
6f0ad9f3ff31904d6a4962296240ac2afa342ab957442389db0d04a33b40ef78
739865a043e533c69bd6fc5017f4831ab770a2932e48d54a1fa58a96774fe7ce
744235fdccb21018568eba1f1a4ca606c6f47bcdaaf32421e672d60ea1401a03
751ca5efa40972f8beffbf997b602ea8c26568efeb641057a002c37093e3a004
75cdd0cd8782116ba8444dabd993758b1b349843584c9631f4f24a4295b98940
765dbb0a7d8a1fc3cf52bccb6f1969d850e02565623fd20ccc15fdcb7157b0c0
772eeff230305742b78fdf87112c9283593a62c23a483afac471dc4cf4dd618c
7a4201ed6221579396e95195b7901d487ee8e9fe4778022027332668aca085d9
7b2bec94e6e2ff2b4fb08ac2529266dbd6b3f595c9a2c6fa88115f788273579b
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85001e4a67ca0e1d705e757a4fd84271865d3757a361c9aec1f461ed02612ccb
86b73b53ce39ec4c1ef0d37d47bae6ba71d2888ada66f9b32a72671807bcf2c2
89a272899871a1ab98bb380c3de55251b6a0cd7f81ef38952badb085d22b9338
8ac79395ad2c8c0efaf5a734544089eab4a8dce163f3b97f86d08921df5faafb
8c0e5c2f898c9c6ae0c1aff2eca3068d28c9545f8b8c4458d912b27f93d7280a
8d5edfa980907259bcfd97e5a2c7588aeff65ba961bad422963f48d415ed0f18
921bedcfb68b5ce3310cc4d74fdaed60f673194dee68e5dfdbccce283d6831fe
9420d072c58b435f94e2e387e30386fbb1da5d1c3640f1db94c89078a69d01f1
95ce2da31c4891f1925d15c617aceee98f8dd5fefe2caf5845ba17d1f83838e9
979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37
98246f79b1495fa4d547fc6bdff6a3de6cf8064d5cb9e5d877adee9171a7f99d
9bb902bfbe8dea2ba325509916a406428e7fee302db67ca7325c441b624ad036
9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd
9ded054427d6ac35a16039ac5b9f95947b635ae5fe0e693f0582c9880529aef1
a24f753d4174315d26cce93e771d6457a7c4f72df58eb3bc73ea79ad7e2352f9
ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb
b10c68cdd92c01d2435f9c9e3d1d6ab9c6ed6cf331462dead92477ae093937f8
b1e87c0d4c679825d45f0eec702cf539c90ddd1af7eaacdfe074f43846cc7c18
b21f1ab87f7778a3e6ae8b9aebff331b9a5cb8c8cca9d5676ad09abe02d3b081
b39174505617ab9bb4519602b789c69af8fa36459dbf7efe1f4d0732d74e63aa
bc0e65582c22595fe621e1101834879cec63b7ac5a1588105043f07f82b942a8
bccc360d018fbda432f547de40e03de4c4f5d37befce007f3c9802b76f8fc18f
bd6b3232b77f68d4305c4c6422e1e6f01fbddbd3cd38f6be9e2d28be3de52ff6
c7cd3e4c127daccac292779eae92b1b8b644772efb0bcdf4ced7ef7a73a8286b
c80cbb49f1456d1b800f2486cca5a945e3b283a69ceda8728fba0f6592bac160
c9f561b5d76865246ee0cdbe40e84093766cb1ba5eb2aab8694d00568e6e66c9
d1411250814c4052f3001babbf9bb6c502281711c2b401958a0a481c662fed86
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dd71a9264f56c0d43f3122826b3c21ee9b41157fc7065d5acba749a045d28802
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e1f25fe89b20305f5203a78b764eaa596083e081de1af678c81003e25ba5ca94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e76a248218d1eb86d8b40c031bbb973839712fd52c0ff1436e9c22642ed63646
e9a7779955cbdec06f427bac1a16cf875d1ed2141b84b6edeae3d98a281b4725
ead9d662556a3bcfddaccb89f85f4877a8c2cd7b8aabc4400aa69fc839ddf2f0
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee17acf36679912939aa00c61b227af5a5ad28d55ebc38d4893e5e753628aa53
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c14ae540b4cb971a62da8309565fe9d0c78e767fd2071bf53cae5bc87cdab5
f499697a47319a1453429271a4d67166300442ad7c057e44a3d67e221783268c
f8098e4df09d2276b21109071061a2327c92b52ed141edaae441860c5fd6b3d0
f9b8554da46627f734ede57cd2753c803d9c041174ad891fd6dc6a5e5adbbdbd
fc14c3051a95645f366f43cda1444b5fcfdb9d20b1bd5ad6acf0662770fb466d
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

www.getastra.com Open in urlscan Pro 172.67.166.136 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

107 Requests

100 %HTTPS

0 %IPv6

28 Domains

38 Subdomains

35 IPs

4 Countries

2244 kBTransfer

6580 kBSize

22 Cookies

8 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.getastra.com Open in urlscan Pro
172.67.166.136 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

100 %
HTTPS

0 %
IPv6

28
Domains

38
Subdomains

35
IPs

4
Countries

2244 kB
Transfer

6580 kB
Size

22
Cookies

107 HTTP transactions
5 data transactions