posts.bluraven.io Open in urlscan Pro
162.159.153.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/QNLqtjWkg5?amp=1
Effective URL:
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw...
Submission: On July 29 via manual (July 29th 2021, 2:02:02 pm UTC) from FR

Summary HTTP 103 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 10 domains to perform 103 HTTP transactions. The main IP is 162.159.153.4, located in and belongs to CLOUDFLARENET, US. The main domain is posts.bluraven.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 23rd 2021. Valid for: a year.

This is the only time posts.bluraven.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1 1	13.57.121.49 13.57.121.49	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:9000:219... 2600:9000:2190:ac00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2 59	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 20	162.159.153.4 162.159.153.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b7::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	13.224.99.23 13.224.99.23	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:d000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3032::6815:5081	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:219... 2600:9000:2190:8e00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.72.27.138 52.72.27.138	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5	14618 (AMAZON-AES) (AMAZON-AES)
103	14

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.57.121.49 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-57-121-49.us-west-1.compute.amazonaws.com

link.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:ac00:19:9934:6a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rsci.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2606:4700:7::a29f:9904 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 162.159.153.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

posts.bluraven.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b7::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.99.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-23.zrh50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:d000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:5081 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2190:8e00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.72.27.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-27-138.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	medium.com 3 redirects link.medium.com medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	1 MB
20	bluraven.io 1 redirects posts.bluraven.io	33 KB
5	branch.io cdn.branch.io api2.branch.io	26 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	95 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
2	medium.systems lightstep.medium.systems Failed
2	google-analytics.com www.google-analytics.com	19 KB
2	app.link 1 redirects rsci.app.link app.link	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	t.co t.co	502 B
103	10

	Domain	Requested by
41	cdn-client.medium.com	posts.bluraven.io cdn-client.medium.com
20	posts.bluraven.io	1 redirects t.co cdn-client.medium.com
15	miro.medium.com	posts.bluraven.io
9	glyph.medium.com	posts.bluraven.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn-client.medium.com
2	lightstep.medium.systems	cdn-client.medium.com
2	www.google-analytics.com	t.co cdn-client.medium.com
2	medium.com	2 redirects
1	app.link	cdn.branch.io
1	cdn.branch.io	t.co
1	static.cloudflareinsights.com	posts.bluraven.io
1	cdn.optimizely.com	posts.bluraven.io
1	rsci.app.link	1 redirects
1	link.medium.com	1 redirects
1	t.co
103	17

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
www.bleepingcomputer.com
github.com
book.bluraven.io
derkvanderwoude.medium.com
drertugrulakbas.medium.com
palantir.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
posts.bluraven.io Cloudflare Inc ECC CA-3	`2021-06-23` - `2022-06-22`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2021-10-01`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
errors.client.optimizely.com Amazon	`2020-09-02` - `2021-10-02`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Frame ID: 55E12DF675BC3FE9F4988780052ADE6B
Requests: 99 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/QNLqtjWkg5?amp=1 Page URL
https://link.medium.com/VBcpnITxgib HTTP 307
https://rsci.app.link/VBcpnITxgib?_p=c81d29c09c0b7af6e6038ffae9 HTTP 307
https://medium.com/p/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd... HTTP 301
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9e... HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-pe... HTTP 302
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9e... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /optimizely\.com.*\.js/i

Page Statistics

103
Requests

98 %
HTTPS

67 %
IPv6

10
Domains

17
Subdomains

14
IPs

3
Countries

1262 kB
Transfer

3411 kB
Size

16
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&source=post_page-----d3364bd9ee0a---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2Fd3364bd9ee0a&~feature=LoOpenInAppButton&~channel=ShowPostUnderUser&~stage=mobileNavBar&source=post_page-----d3364bd9ee0a--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Ff7cc596dfe41&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&user=Mehmet%20Ergene&userId=f7cc596dfe41&source=post_page-f7cc596dfe41----d3364bd9ee0a---------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&source=post_page-----d3364bd9ee0a---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-new-petitpotam-ntlm-relay-attack/
Title: Microsoft shares mitigations for new PetitPotam NTLM relay attackMicrosoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller…www.bleepingcomputer.com

Search URL Search Domain Scan URL

URL: https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection/blob/main/Credential%20Access/Suspicious%20TGT%20Request%20with%20a%20DC%20Account.md
Title: my GitHub repo

Search URL Search Domain Scan URL

URL: https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection/blob/main/Credential%20Access/Potential%20NTLM%20Realy%20Attack%20to%20Domain%20Controller.md
Title: here

Search URL Search Domain Scan URL

URL: http://book.bluraven.io/
Title: book.bluraven.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Ff7cc596dfe41%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&user=Mehmet%20Ergene&userId=f7cc596dfe41&source=post_sidebar-f7cc596dfe41-------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://derkvanderwoude.medium.com/?source=blogrolls_sidebar-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://drertugrulakbas.medium.com/?source=blogrolls_sidebar-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin?source=blogrolls_sidebar-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://palantir.medium.com/?source=blogrolls_sidebar-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@fduff?source=blogrolls_sidebar-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&user=Mehmet%20Ergene&userId=f7cc596dfe41&source=post_sidebar-----d3364bd9ee0a---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&source=post_sidebar-----d3364bd9ee0a---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&user=Mehmet%20Ergene&userId=f7cc596dfe41&source=post_actions_footer-----d3364bd9ee0a---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/tag/threat-hunting
Title: Threat Hunting

Search URL Search Domain Scan URL

URL: https://medium.com/tag/petitpotam
Title: Petitpotam

Search URL Search Domain Scan URL

URL: https://medium.com/tag/ntlm-relay
Title: Ntlm Relay

Search URL Search Domain Scan URL

URL: https://medium.com/tag/dfir
Title: Dfir

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Ff7cc596dfe41%2Fd3364bd9ee0a&operation=register&redirect=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&user=Mehmet%20Ergene&userId=f7cc596dfe41&source=follow_footer-f7cc596dfe41-------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----d3364bd9ee0a--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page-----d3364bd9ee0a--------------------------------
Title: Write

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----d3364bd9ee0a--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----d3364bd9ee0a--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----d3364bd9ee0a--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/QNLqtjWkg5?amp=1 Page URL
https://link.medium.com/VBcpnITxgib HTTP 307
https://rsci.app.link/VBcpnITxgib?_p=c81d29c09c0b7af6e6038ffae9 HTTP 307
https://medium.com/p/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&_branch_match_id=949292934991271987 HTTP 301
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a%3Fsource%3Dsocial.tw HTTP 302
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

103 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 QNLqtjWkg5 Show response
t.co/ 260 B
502 B 216ms
183ms Document
text/html 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/QNLqtjWkg5?amp=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

1df64477657fc39fda0471e018fcf7b888f6287e22e1f7da038cefa650532293

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /QNLqtjWkg5?amp=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:37 GMT
vary: Origin
server: tsa_o
expires: Thu, 29 Jul 2021 14:06:38 GMT
set-cookie: muc=160e536b-b5df-4fd0-b766-2681687c3c83; Max-Age=63072000; Expires=Sat, 29 Jul 2023 14:01:38 GMT; Domain=t.co; Secure; SameSite=None
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 185
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-connection-hash: d6ba8bdd853b001d8493d84eb6bc25aaf4769f26b0b2ab2b65764e8a74d0d2e4

GET
H3-29

200

Primary Request detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a Show response
posts.bluraven.io/
Redirect Chain

https://link.medium.com/VBcpnITxgib
https://rsci.app.link/VBcpnITxgib?_p=c81d29c09c0b7af6e6038ffae9
https://medium.com/p/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&_branch_match_id=949292934991271987
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a%3Fsource%3Dsocial.tw
https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

90 KB
23 KB

1295ms
1264ms

Document
text/html

162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Requested by

Host: t.co
URL: https://t.co/QNLqtjWkg5?amp=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad12ec9a2eba580842055e96409b60a39ee650a18dd9fbe784e3a3f44d0f215e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: posts.bluraven.io
:scheme: https
:path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfruid=d8936383796abfebea97195752a682703117af40-1627567300
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://t.co/QNLqtjWkg5?amp=1

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-type: text/html; charset=utf-8
cf-ray: 6766e16f0e363628-MAN
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: uid=lo_6f8b0b565a50; Path=/; Expires=Fri, 29 Jul 2022 14:01:41 GMT; HttpOnly; Secure; SameSite=None sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; Path=/; Expires=Fri, 29 Jul 2022 14:01:41 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_6f8b0b565a50; Path=/; Expires=Fri, 29 Jul 2022 14:01:41 GMT; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' https://medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, lite/main-20210729-083823-199098d1db, rito/main-20210729-123158-e6d489bb37
medium-missing-time: 291
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1093
x-request-received-at: 1627567301341
server: cloudflare
content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Thu, 29 Jul 2021 14:01:40 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
cf-ray: 6766e16d8c73535d-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 58
x-frame-options: sameorigin
x-obvious-info: 20210729-0445-root,f67966c4
x-obvious-tid: 1627567300807:a8234cc1a2db
x-opentracing: {"ot-tracer-spanid":"5c82b37555ca8e3d","ot-tracer-traceid":"4283106e5124616f","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 39ms
30ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 355
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 6766e176f85dd6e5-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 29 Jul 2021 16:01:42 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 331 KB
95 KB 22ms
7ms Script
text/javascript 2a02:26f0:6c00:2b7::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2b7::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c0b96e1dcb807768651c6bb2ad8141464f4b7ef5364cc1f69bd5268e91334906

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: 58o.FwKoB63jE_oJMxKGxKEBQ8LuzWB_
content-encoding: gzip
etag: "a5e8022e7a7fe027b163026f02fa7905"
x-amz-request-id: N0QDYRV1NWCC4Y17
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 7071
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:2b7::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 96464
x-amz-id-2: wCMwfalRx5bPYlK5WJSEwJ6EXmH3RiLKsKWEce+xa4fgHoPhKl6Eg0+IHp0QAtsoS97Mlp6XbW4=
last-modified: Wed, 28 Jul 2021 19:48:17 GMT
server: AmazonS3
date: Thu, 29 Jul 2021 14:01:42 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 0*n3TQ_hF4J6tCz8iT
miro.medium.com/fit/c/56/56/ 2 KB
2 KB 110ms
109ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*n3TQ_hF4J6tCz8iT

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc20c20cdbaaa71056961219be10f09df0427b225e3c51291c0688d4e20e594b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 443
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2025
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210708-194908-a2c5797557
accept-ranges: bytes
cf-ray: 6766e176e846d6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H2 200 0*5z-pM0es_H8t1hPY.jpg
miro.medium.com/max/1400/ 52 KB
53 KB 119ms
117ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/0*5z-pM0es_H8t1hPY.jpg

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83788be5811b59e17e25d6c585494302ebd654e718f77554b48a85a46a3e22df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 69
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 53692
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e176e84bd6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H2 200 1*BEXOU5IGsN92Sb_9_i5zjg.png
miro.medium.com/max/60/ 2 KB
2 KB 105ms
104ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*BEXOU5IGsN92Sb_9_i5zjg.png?q=20

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15448e7caa99c8a2625550634b1ca141e05796c376e99258057d792435231a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1905
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e176e84ad6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H2 200 manifest.a5bf5caf.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
5 KB 41ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b6485bfbcb7e3aab863c5eed03e20d52e6ca7faaaff00f33559cab8a43864a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18158
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJBVCAEH5YVTPGQ
x-amz-id-2: alCRFAmH5wt3J5Z9L7a3f4um+vf2m3Qxix5bxju6DR+eeQzfG6WdBlPUUWW901irYEl9Vs9b/68=
last-modified: Thu, 29 Jul 2021 07:12:35 GMT
server: cloudflare
etag: W/"7e811a0316bc72dbdda1be1cb0298c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _c6zBIDkF.ny1GmLcVmhmoIha8DBpz0i
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718aad6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 9115.1a9358c4.js Show response
cdn-client.medium.com/lite/static/js/ 732 KB
228 KB 77ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1183246
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 9WCQMJXXDY7V1E5T
x-amz-id-2: yenI6fCJLrENlkqO2VHecbdeXoIeqtf9kfQS8Gz8dMYywh2HBIP47vsCHroQtTsLhkdCQ/i4JKM=
last-modified: Thu, 15 Jul 2021 18:50:35 GMT
server: cloudflare
etag: W/"3b5c778737b6d559ce5f7a8c478f6203"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QAH5KPPE7VyycTXphMPwmxvbaI8QEy7U
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718a5d6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 main.c1791826.js Show response
cdn-client.medium.com/lite/static/js/ 799 KB
211 KB 40ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ecee62070357edab5727659cb134bea62b8db3d37b0c8bc76a89f7fa53d6d99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18158
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJC27HJS32ZR9PH
x-amz-id-2: 7jBMpwOmRamZdR7mF8JZ6QNJ60qmzKSDDB4YsobekT85WIy4mWqb3D6TwjMUGIqIWyKxVWE6x0Y=
last-modified: Thu, 29 Jul 2021 07:12:29 GMT
server: cloudflare
etag: W/"d0e969fe7ee3b769053a0cd31ff77382"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0BB5UqlgZtL6Fs9u5hwvCeepuGxr0cez
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718a8d6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 38ms
27ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227912
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718a6d6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 instrumentation.6fa29f8a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 32ms
21ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.6fa29f8a.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f533eb639be3ba90e9031b71779c52cdc20698da99dc51b3b5ac2f91e7134aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 506944
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: FHA8A40J743DA5XW
x-amz-id-2: /tadu/KnxX9jH/CN5juvoR17bTIAzGfipCSVFBL/+gHr4ntd5Pywyt0YU83h2Qwwl73j2x1cPPI=
last-modified: Fri, 11 Jun 2021 03:03:38 GMT
server: cloudflare
etag: W/"2c6f1262e4dde3d463a8f6156e941f07"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 4vjabhlbU1g80tUyyLDf7tBjSbTI2iRB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718a9d6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 reporting.6471519f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 32ms
22ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.6471519f.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 843624
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: Q0F7MQAAJVH2M7V8
x-amz-id-2: UGXQIw7HsYZm/FvYo7E+nq3jKishQRAFtyQb69eEX/C8myd/Yv4QrwPT9xzsKJnaEtF0J6LNuB8=
last-modified: Wed, 16 Jun 2021 18:41:31 GMT
server: cloudflare
etag: W/"69e0bbdc0c37d2f46b6be19732366a3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8sxb2msbxkYmtYsAbhhIRpG6q5cNmD6C
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17718a7d6e5-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 5279.a081d25f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 65ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5279.a081d25f.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bd46284abee72dbe93295f7b04a7297e851545b95fb9aa5e91237ff7b03fcf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1193969
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 357VKND0B1MB9J43
x-amz-id-2: qypHuL7v59Qjr316foZFZMTqjc3Muzdceb1uiNOE3RnQedPCAjRp3WuDT8clbLqd105LdvrVK/s=
last-modified: Wed, 14 Jul 2021 17:47:44 GMT
server: cloudflare
etag: W/"6b6b78b0ebe6013d82a69b0804acb3ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WGHdI13XLXqaDRlyjCbzo7hmZ7yJdTf8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cbc535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 192.267fdb68.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 52 KB
16 KB 54ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/192.267fdb68.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9971503ea5cbc832b9d030f04e7c4f4124148bc50c1d7f5dc16af968c6fccb27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 266363
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: V03VJJDQX9043FAN
x-amz-id-2: 9Q323gJ/iDOP7dr36EHFsTGneUGdtAna9tYI2MawqvO2JSLBjha93kwBBgKUdlhlvZkmmh6RxDw=
last-modified: Mon, 26 Jul 2021 11:53:36 GMT
server: cloudflare
etag: W/"5d23be876cd1fe13c5399ffbd93b3ea7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ez6HSEb_GTkfFzu1vh_rBzAQZC_3L5UV
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cbf535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7648.0aa0788a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 46ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7648.0aa0788a.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00678d84f34008f5f240d194ee80af4e17bcbc2b4aa552ccc1a71fc32542996b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53795
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: EG3MEY5KTZNDZ6QE
x-amz-id-2: 1Akp8TPhJlW3Efa1Lt6Xmbvxr9+7vDEeITKCa2McCtqadKARhUGdIZw2wqda7fS/uDEmuobNvvw=
last-modified: Wed, 28 Jul 2021 21:42:03 GMT
server: cloudflare
etag: W/"faff4ed06fd7c9c1398e0bf87e1f940e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: B1BIoxMInJM8gzcOZe8SFifUJJQD882_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cc4535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 1645.9072abeb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 56ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1645.9072abeb.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8aecc772988b29a46774bb5c5e2dd3373fca5cfab4122338414f41cfb6b656e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7031
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 8Y1BZDP093PPSAHS
x-amz-id-2: FIjGFaY4sJcupp5iVHBqOlAWX9tg1vCb61BmTjtSS2e7RTCrB015u7nrEYkK0srxsFUQL8seKBI=
last-modified: Thu, 15 Jul 2021 16:24:49 GMT
server: cloudflare
etag: W/"553495539d619e8ee0e59ed00fbcb539"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1VQTPBA3r6hhPyXFbJwQveM5ukBLc7iI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cc6535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 3930.c5902e0c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 31ms
27ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3930.c5902e0c.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fcdf1b9c29d79fa8679eeefa1573c239bc5bea4dd2eed064fc6e2a0d1c97f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 78809
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: B1CNWTWTNN7QJ84F
x-amz-id-2: JSd+QrBUwpEmhcSYy4DvM1h7ZQW7sCMrt74GmEqXXZ+c3mx49RTBMAiTPylkbzBtnlRhNAwa0EA=
last-modified: Tue, 27 Jul 2021 23:29:34 GMT
server: cloudflare
etag: W/"523e01f518bae7c704faab27ee48575b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: g1rcqxHIKxADWbGA9ykroZlFG2mBSbal
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cc9535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 6753.a47f7a06.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 32ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6753.a47f7a06.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36f60c1e0446888159ec0619803a3767652dea057c46ee478322511d1c4bb34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7015
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJEK17XBYWVZJKG
x-amz-id-2: 5FHtT5ZvwhdnBOimKLr89S0Fuqcb4fUKHQtoUCgcF61YpMfVJk/84Ws7A5sMrndmbRqOYHudgng=
last-modified: Tue, 27 Jul 2021 17:24:49 GMT
server: cloudflare
etag: W/"7cbdcf64c7a172a36937acf5512ff4d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n1n4vsFPNcp968t5C6drlDn5QM48FmSg
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ccb535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7296.5f3dd7cb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 55 KB
16 KB 38ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7296.5f3dd7cb.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfbc5e87561169bfa5b0821ab995cbcfc9e27a58901d4a0bd07e68962a7aa85f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 59606
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TJEYXG434ZWT4K1A
x-amz-id-2: ABlEqO55zVnnHc3imZRJw5RAWV1rXMKey11lUmkKBjV/itIgTMtuLpPpWugihsEA7IMRIjylkBo=
last-modified: Wed, 28 Jul 2021 19:56:00 GMT
server: cloudflare
etag: W/"a573c8d79425e06abd5e8854a32b50f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 9NjYE.4Nbkn9C5EULy0qgF.o5ZVMHvrx
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cce535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 4881.687aa6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 39ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4881.687aa6c4.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31841c0553a88ef72572428c8afe8696d589e27364b961199d15589399f73b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504578
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK67K342SA6YYTAR
x-amz-id-2: On4arbvR6g51l4FOq4cJmxqXkJEXxO+Gu512tt7xEkNADMBzOZ75wWMnw11vgT+OQUXUe8ZzfTg=
last-modified: Wed, 21 Jul 2021 16:14:47 GMT
server: cloudflare
etag: W/"0481b64d50d6bd6b3fc2018599c76a5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fKTjf6wOuvUm13ec8leMYVP4xZAgopPD
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cd0535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 5860.8bc682e1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
7 KB 47ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5860.8bc682e1.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

871f0d0eeff126b2d40b4befa97f7b74b3b62bd2fa6fc4ac58b46df09090fb64

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18158
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJ89HAE6MNVAANS
x-amz-id-2: 4kWwPWFpRBnQhPVILxQK7TkJz3UOzCPJOBkIZHW8FQ57rLYo2cVo6+eFtFDPMbzNIAmHOzOptBo=
last-modified: Tue, 27 Jul 2021 17:24:48 GMT
server: cloudflare
etag: W/"3d68a95f8dfc0c8272b8b4526af662d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: guUHTKfUCsvFVrpfNqLTgdNaXZLVTfCm
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cd4535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 5727.8c32a0a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 46ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5727.8c32a0a2.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d1f284928f13cdec7b8185b66c2827c65f0a093f58e6e9aae2b030b9583579a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 246992
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: V8BGPT5P3Y731K28
x-amz-id-2: Ri54cGpgGD63sxol8xtj/iQuBaguwFLAnxVmB1jYACacyNINC2tSyzpcdj4UqOF3ZEmsF39FwT0=
last-modified: Mon, 12 Jul 2021 12:23:55 GMT
server: cloudflare
etag: W/"b5b5700cd1085211b1106867ce648df4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: aLEla.jHfC3x6XucihOC5u9SyhmFyJVf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cd6535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 9068.81cc309b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 47ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9068.81cc309b.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0b9a2076b48c1e07a781fb9183d338b42e54fc014324fa0e7c597ae2e1a1dba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7WZ6QCEZ0HXW9V9Y
x-amz-id-2: ZW0k30aYkzGejvYAWhyQAqjZgFcFsqRlxoFTG42TR/6UrLBX+K1I50R6J/9aOV0M0mWcj+Jv1DU=
last-modified: Tue, 27 Jul 2021 17:24:50 GMT
server: cloudflare
etag: W/"2c53dfe5e838d1c5f2a6755cce84123e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1YXltLXp3YNzwNCJvNl8aAKN_IXjEUlv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cde535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 3810.5da23cd2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 47ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3810.5da23cd2.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e039a45cebc2581d5b9a67fbe4b2b00abfcbc22e3640f50f803b0eb578c886c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504574
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK6C88HK2KWPTK0C
x-amz-id-2: 6m0ZViNKsoLuVdGYAENeiKyppSLVg161HccX39Fxv++h3gOBwqdTsCzJqUYajp5hboQijHdzdro=
last-modified: Wed, 21 Jul 2021 16:14:46 GMT
server: cloudflare
etag: W/"bfd57986e4a22ed65a95db2641a09ef8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: yJ9jA9qiz0v2.hJh7tiPLHZqVYgGRy8M
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cdf535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7001.85fe76b0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 39ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7001.85fe76b0.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff9c6e1289121eb2965730e7f788666427f0c86802494f6197af3262fbb59764

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112775
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: DT8Q80DKZ1SECG03
x-amz-id-2: sW2FYII+nJWztMJHhhwIj2e3GvSOhWlpR/++FiJUE4098ccBP/mt3m9b06D/J4A5x+qFBFg+4KI=
last-modified: Thu, 15 Jul 2021 23:51:11 GMT
server: cloudflare
etag: W/"ba70e489f45dec06b79d13ebc170dd49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: scyZwakuCXKRJN8VIDx9xt_1x1HGWSk3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ce1535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 570.d0e300dc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 48ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/570.d0e300dc.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b55d0d347de2ab251232dc88b19e4ea0c558a0a6b61ceb5147cf426117b7025f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6870
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJ8DGCQXSXXVD79
x-amz-id-2: Tt3fhVIIL3Rr0QLHviEIpgLm7DAK9UKKo29VeUr2AXj0ggQrFSA518KEianToD00tn+Hy4IZwCg=
last-modified: Wed, 28 Jul 2021 14:55:29 GMT
server: cloudflare
etag: W/"1ade17e0d236ead6e1f68482584f2be5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: k4VVtN9KcXCcAlodylWnzi6IUmvSwI5q
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ce2535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7546.d28b1760.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 56ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7546.d28b1760.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a18667452e11275bb7d1ba2c633defe922519dd81d9d29f1d60a5d53c76a1fad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJ2MDV5EAN6YA63
x-amz-id-2: LS3UFd+gkEvMQX8/HW08GBt/pgHRHj+EkkByqNuOLkslunYjNCRiAb2KW6xZD0KSoXhjQt65Ajg=
last-modified: Wed, 28 Jul 2021 13:18:29 GMT
server: cloudflare
etag: W/"9b45c6b8a022d5f0589c42420eb14788"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: z9M6PdcQLo4.01uhTLdynhYITebGuj0V
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ce3535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 3673.23d1046f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 49ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3673.23d1046f.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6acc85150ea38dbd83f49fdc685b2aa83a29959a74fb435aafd874c6d9a21ce3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53794
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: EG3XYQN8CRBKBYCY
x-amz-id-2: cOSzE5WUdJCqEw7kmAGrAyYGOjWBoRv4Wp/OHq0mOOw1fWGtxWbAUiRDTmZ7PWqupRh7u9ucJIQ=
last-modified: Wed, 28 Jul 2021 21:55:59 GMT
server: cloudflare
etag: W/"27b803cde677fa4319dfe6cecf1a28ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: siB0hhNU5IfLbgRRmAnCug.pWaAcucat
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ce6535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 1479.bc7f0761.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 56 KB
18 KB 50ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1479.bc7f0761.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92572895a32d8208bb119c210a1db6331bf2492d6a6a0364467b612875512129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 78809
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: B1CGX565FZFVP83G
x-amz-id-2: qGD45SxqKP9vVf/iq783FaUnrvVLA2uVbZpwyxbhfhJiEjWA9asTHAVRGlemqCxomGKZEcgNUFY=
last-modified: Tue, 27 Jul 2021 23:29:32 GMT
server: cloudflare
etag: W/"a101a47343142657d0e153ae83bfe6aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: oLSF80Mq263mn_PpJINia3vI.L42MQcw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ce8535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7883.27cc2c5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 57ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7883.27cc2c5f.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f701c887b2e25cd543a5a533fcecf7ba585c4adbadf14463a9ff998a6ab3c7d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74010
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 704DGPR8022S1VF7
x-amz-id-2: Gc2sA9RfN8/sigvyv5szJXdKJLU/1pu9Kr5/lUh0x89wVcKxKd8ONlq3AwAgheC2T3Icd944Z4o=
last-modified: Wed, 14 Jul 2021 17:03:53 GMT
server: cloudflare
etag: W/"3beeb202573ad14f06fd500687d99bb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGgHdQ8DNnm1p1dVx60vcMQVICtr7zlP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cea535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 609.dc20663b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 58ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/609.dc20663b.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bffd86a9718f167caf12cd9a4f24b3e86f7789f918d472249976fb90122e654

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504529
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK6539Y16GK8THAJ
x-amz-id-2: YZtfgiOAJAYFebtZZFpDReVuXW8DiJDhgGmKTG5nTaa0ufWlokIuQW6ge/DPPuni49//JzsVr3k=
last-modified: Fri, 23 Jul 2021 17:42:20 GMT
server: cloudflare
etag: W/"181af4f105c53d7e4ea024fd18d5e674"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: p.fqF7.e5FOI6075a_MM1XMSh8qeN73Q
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774ceb535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 8886.c12d0b01.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 58ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8886.c12d0b01.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e1fe8bf6596a9d50a1bcec78ac5323c0c7adc44317312513e349ae955bb61d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 880615
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7WMZHFBV1CEZD8A0
x-amz-id-2: iNKyPaFKcSWF4tLCrBsyinuNPiqIQ7JsUeKo8hbar34eyBl0qX9otT7NVt+CF+OpRNWt0lIyKLY=
last-modified: Fri, 16 Jul 2021 17:01:46 GMT
server: cloudflare
etag: W/"105783a65501e03a83c52344cfe6775c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: KY5o1mtnpDGzf3txfkVlsRz4_UB70_V1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cee535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 6297.b3e3438d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 58ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6297.b3e3438d.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

046b63e87de2c1a2348ac72a42d9919b307b0daa5da84a92ee4cd685401c43b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 503114
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: CTHSKNMSRN6WQTGS
x-amz-id-2: Gjt4aX79B5a2j6nPoIIrQ4TyHBA2Uu3+w6i3pr5n6NyAGZqHsZCgYB9IVJeLwG0Ey++hL+dOREk=
last-modified: Fri, 23 Jul 2021 02:52:26 GMT
server: cloudflare
etag: W/"1bbb71d949eb0d1543de09eeb135724b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ulsJ6A5CER4.T_U5fc9Ym0tlNbrhEdKe
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cf1535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 9972.370e8bc2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 58ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.370e8bc2.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f645c0679c81df44a885fe643440b95b9c14237f81923935f99e8954ebae9fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504529
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MKDV602DQA2XAP
x-amz-id-2: ftpqZfjFT2U3V5vN8HbQ1q7E/J0Jzay7w/LCk//8Tbe4NFmpH6TRgn5qBkClceqB362TlaEu2lA=
last-modified: Thu, 22 Jul 2021 23:37:26 GMT
server: cloudflare
etag: W/"ad7d3f6819ecac572db8d9d9a91bc9dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xj5beO1shnnuMY8yvlODgYYJeIttPDFr
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cf3535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 6209.046a0cc0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 59ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6209.046a0cc0.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbd0ec2901332e0a1bf7c030a2ab761e119615ca1feb6a3d2944bf8a8f2a2fb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 189876
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57HN9F58KW6TG59Q
x-amz-id-2: bFSZDhcWeZY+hiEMEalbgJ41zh+qj5MWWA5aIc6P3gn9eOjzAYeMdACJMoigpuFW8GHWnUONrPQ=
last-modified: Mon, 26 Jul 2021 14:43:24 GMT
server: cloudflare
etag: W/"255326462f212c0f5068a193161d0e8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: k1FWyjK1ioYpkTuoB4iOIfFWGmZp0eg9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cf7535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7515.2a34216d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 41 KB
13 KB 59ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7515.2a34216d.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94e92593d6d7615639dd2cabe74fe55828eb97d57267420e88280b150321c8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 59606
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TJEZZDEZDAVHVVVW
x-amz-id-2: n+l1lh2EJqYdfTbfBKc6WjxdGJsO59jO0FM684AxtWrLLA7/XdAw6rUaip9mS7L0E+jnb6/UTW4=
last-modified: Wed, 28 Jul 2021 19:37:41 GMT
server: cloudflare
etag: W/"8b508dc9cf55208157ddcd8212415678"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: wRF11e52.PCrVeI7Eh.Db9hYvRd0SoAO
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774cfb535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 2182.649c2109.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
6 KB 62ms
58ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2182.649c2109.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72b3fc03c6f71dc1093a6b99778e58d9d48cf113a292c8abd4a218ff6fa0fd0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 59606
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TJEVJPYARZDWCH2S
x-amz-id-2: RlJJsMX2QzO8ZPA2nljCGL5/4/7wrD7OBC77iec7QP3+5dxq04tU4vCFG5Kuf6cwaD0LKAP5/oc=
last-modified: Wed, 28 Jul 2021 19:37:36 GMT
server: cloudflare
etag: W/"8b0128ac72cacf68196f3fbf77d4041a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: yybg6gQcyD6FQimh4H_61g4VCC_8y6OW
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d00535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 5435.e060467a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 48 KB
15 KB 64ms
59ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5435.e060467a.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0286c4cd53c88b8bf7e8cd4d2d6ab1e76c4a5c54b7081fb0a45cad7f30ff5e3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 59606
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TJEP49B5YP32XC7F
x-amz-id-2: tbhceuxkaUW74n1e3lRvue9K9CRejXUoB9DnMtTwMRoVvP/d+mAr2TOTkJlC0fvkhqZ3Dn6UdVc=
last-modified: Wed, 28 Jul 2021 19:37:39 GMT
server: cloudflare
etag: W/"78a3d19924785a585067f78e5e0c8b70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: RseZcIfVUdpVg9yEap9jMa.Pq8A.MVzj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d06535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 499.8ebd9851.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
8 KB 64ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/499.8ebd9851.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69ddf50a27f7d92397724e90079d5d899c20488b4bfa138be742398bf6629d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504529
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MP4XT1BVFYP7N7
x-amz-id-2: ih9MIWKrt2KkCtso3+QaiN4xQCZL6UiaGDorz2XyqNL/GoULBBIedNT0J+S7Hh4nv3wX4RVFj90=
last-modified: Wed, 21 Jul 2021 16:14:47 GMT
server: cloudflare
etag: W/"23a4b057df4bb7f3c6b528bf9c16eb54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _9suw9zyZ6zcHIgCqLp4WnyEt4dQvmGB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d07535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 1794.352c336e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 75ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1794.352c336e.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f35ff60ed98c7d2d3a27a9b8749a5bbf68abeeddac20fd9008cda90c8c58ca9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 229742
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: G4KDAEYGX3WC3VMY
x-amz-id-2: Ps6Pqu78W96NBb+B5ZXYwOXSV2bJf63tY2ep8JKPiaXstbGs1C3l4QEEZiJHbdElNiIaczRi1fc=
last-modified: Mon, 28 Jun 2021 18:51:06 GMT
server: cloudflare
etag: W/"720d34cd38d4cbbe7aa6e6312394d7db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8BxFNbk7CDAkRYEr9NTne6vczPvlmaVa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d1b535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 7007.4c472921.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 47 KB
16 KB 65ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7007.4c472921.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5f83dc888d62e8a61ace73fc8a0d1426bf6c398f3ef62bfe734fc1edf2e1dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1EJFEEZT9RAWSPF9
x-amz-id-2: LAyYzqR6Iq5RDs3RTAuP7z3ywpwnBWaT0YzqL0FHOeVkjeWtU00Pa+5Se5XzWd8S+o/xLiuPtI8=
last-modified: Thu, 29 Jul 2021 07:12:03 GMT
server: cloudflare
etag: W/"e4ba7f6c9db7febdc3fd69990d28161b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _5tu4n9k9KNNTVkHI3JQ9Uez7Amg08l.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d1c535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 Post.9df377e7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
6 KB 69ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.9df377e7.chunk.js

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f67d490239e98164bc4304ae4f91e5f0b6f23dc10b5866fb98653df050b77112

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504529
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MQCMQQAGXFET4Q
x-amz-id-2: lSakefE1EMD6ujic2gE7+ZwvdxUcOt1SnQhDU4QHfr4ui/DpdjqnVbLc4BQvej4dxswzo6GFKfs=
last-modified: Thu, 22 Jul 2021 23:37:37 GMT
server: cloudflare
etag: W/"f8d7b69a43ac8cc0ecf333e1c169aee1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tLmX.tF7Vul6msWWNnVhSM1TSfUbCAgh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e1774d1e535d-FRA
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 16ms
14ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 17:24:20 GMT
server: cloudflare
etag: W/"5753bdd2-d310-49fa-bd2b-065a8e512116"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6766e1771fb64a68-FRA

GET
H2 200 0*L6YR7Iy9mj6dNra8
miro.medium.com/max/320/ 29 KB
29 KB 126ms
124ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/0*L6YR7Iy9mj6dNra8

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

828146603e56e76454e682d2eb73ebfa7e797baf8fdec31989f1f46bd9b1581c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 229
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29535
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e177492bd6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H2 200 0*X7ptlwKkhpByAkbc
miro.medium.com/max/320/ 8 KB
8 KB 121ms
119ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/0*X7ptlwKkhpByAkbc

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2b6b08e0920e67ccbb484f04c75acc1a4f4b7b4cf7f23753c5e88d164c12e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 107
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7816
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e1774933d6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H2 200 0*XvSgt1r6RRaOHll1
miro.medium.com/max/320/ 8 KB
8 KB 125ms
124ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/0*XvSgt1r6RRaOHll1

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2b6b08e0920e67ccbb484f04c75acc1a4f4b7b4cf7f23753c5e88d164c12e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 118
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7816
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e1774936d6e5-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H3-29 200 1*p8EJYc9zSXRJfBbuplyBkw.png
miro.medium.com/max/320/ 24 KB
25 KB 284ms
266ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/1*p8EJYc9zSXRJfBbuplyBkw.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a06d347eb26628b07a89f26663e9d689e8bb26c502173c75ab7baaef4ae0f88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 158
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 24658
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e177bde7535d-FRA
expires: Sat, 28 Aug 2021 14:01:42 GMT

GET
H3-29 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 58ms
47ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11115671
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e3b16e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 49ms
38ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1972630
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e3816e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 67ms
55ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11118942
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e4216e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 65ms
54ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11118941
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e4016e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 64ms
52ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9088208
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e3f16e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 63ms
52ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11118941
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1775e3c16e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

GET
H3-29 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
29 KB 34ms
34ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b937bb95aee14bc0c2b8bcff6f39490a8845f18f86a192b1c0a001a5232616f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8918176
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1783fbf16e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:42 GMT

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 25 B
611 B 231ms
231ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 866
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: ViewerQuery
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 77
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 25
x-xss-protection: 0
server: cloudflare
etag: W/"19-AWcZ0/oWRZgbXds9xsp8WpnG9lI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
cf-ray: 6766e17acad13628-MAN
medium-missing-time: 0
x-request-received-at: 1627567302935

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 141 B
727 B 198ms
198ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c33b11a0ef4f62781947148f767a4060c0c9fbd5f7d2f56374d8deca94012062

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 195
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
x-envoy-upstream-service-time: 69
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"8d-Zaj3TwelKStor2s7U1Tb1El046s"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37
medium-missing-time: 0
cf-ray: 6766e17acad53628-MAN
x-request-received-at: 1627567302916

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 25 KB
3 KB 290ms
290ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4affe9ac5e69dc6e99fa81c52963f3e3dcee77676122ae31f47ace08a88e72e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 368
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: VariantFlagsQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: VariantFlagsQuery
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
x-envoy-upstream-service-time: 67
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"62ee-wtLypgIiC63ABQP8BulLn7p2Sao"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37
medium-missing-time: 0
cf-ray: 6766e17adadd3628-MAN
x-request-received-at: 1627567302931

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 106 B
737 B 314ms
314ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc7f5374915934df088c3de24215c20584ac328b642eddf2f7b892d2acf42455

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 1094
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: PostMeter
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: PostMeter
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
x-envoy-upstream-service-time: 128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6a-Skg1smkdNd4bfaVJIQiRtmQHQWk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 6
cf-ray: 6766e17aeb083628-MAN
x-request-received-at: 1627567302966

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 443 B
861 B 230ms
229ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c844834ff7cbeb0325495f69968e0a332acc440daf50e8297e707270c733254b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 603
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: UserViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
x-envoy-upstream-service-time: 89
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1bb-hRB9DFjWrPNkCfTv+jDWScPecLg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 2
cf-ray: 6766e17b4b543628-MAN
x-request-received-at: 1627567302997

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 281 B
840 B 493ms
492ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aef3def83c8a646f76a07e547597f9ecb1c15f045184de71db7cd114580449df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 451
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: PostViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: PostViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
set-cookie: __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
x-envoy-upstream-service-time: 340
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"119-yl2iQn8lFOOaJu7q6Kl0p0qNsug"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 5
cf-ray: 6766e17b4b5e3628-MAN
x-request-received-at: 1627567303015

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 31 B
549 B 350ms
349ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff42ec6e6b9381e02b7306d3fa15cdd409fc3c73fb18733526af29f721587864

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 490
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a?source=social.tw&gi=1a435a1a32eb
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 104
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 31
x-xss-protection: 0
server: cloudflare
etag: W/"1f-ecPluy3OcG61FRPO3svThlqvbgU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 2
cf-ray: 6766e17c1c5f3628-MAN
x-request-received-at: 1627567303127

GET
H3-29 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 21ms
21ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 221511
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: XZ1MCW81DYX4XYRA
x-amz-id-2: JBq2v1mt0X2gMH7anuTD0L29hBl6YEbcNFuFx4UcXyhBHZAwmrTku09UuVijG7UrHr9mRGJu58E=
last-modified: Fri, 14 May 2021 07:49:57 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QtuMS.aBLj19jleyzZwgHGYQHQ8_ziQc
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17c2929535d-FRA
expires: Fri, 29 Jul 2022 14:01:43 GMT

GET
H3-29 200 8698.667348ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
10 KB 24ms
23ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8698.667348ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7906af2d894a3d44ff1ec06feeb68e2ba73592d352ea46f750a7812b8b077541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 177026
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 30813J4S0STW673X
x-amz-id-2: 2ddoy/2Fb51xGEb2qofa1xM+yuUjfP43WXegzF8YHH2z10vgXWvjNRSQ1zKP+136CUxhwowOIvk=
last-modified: Thu, 24 Jun 2021 19:29:13 GMT
server: cloudflare
etag: W/"4685017117f36eac810ca87a483defc9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qOAyiPiHU69qia3mybHyZEGEgfKbYk_I
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17c2931535d-FRA
expires: Fri, 29 Jul 2022 14:01:43 GMT

GET
H3-29 200 9590.38fe4920.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 43 KB
12 KB 26ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9590.38fe4920.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48a83f55c7f2365ada26b4fe13b0bbe33a65e8536cc5f78e820228ace499727a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1FEMQ79Z86RBSNT8
x-amz-id-2: 1u/VW0QvoywVM4w2UewxAWQTuofYkoupn5uMadI2b7VbCVwCeKCjkjlRLpxsyuiiuiQqWpmt/Z0=
last-modified: Thu, 29 Jul 2021 07:12:05 GMT
server: cloudflare
etag: W/"789b8b45277acb6fec22df45b622e2f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: X0ZeJt_CeOjNHaJb41lp5OSBmKYndvZU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17c2934535d-FRA
expires: Fri, 29 Jul 2022 14:01:43 GMT

GET
H3-29 200 712.ed8f89f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 54 KB
18 KB 22ms
21ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/712.ed8f89f0.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3093c1c942dcdc1048de34714d04cea8a1dfa69f1c2164dbec7c4494fab1e883

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1FEQNM2BPQBESPHG
x-amz-id-2: X3HP+jXxYYShD5y4vHb5gU+3hDi+kJG09hUbYoKI8f2fe6QQKVdwOByJOTityy0LUaGAvHOfZGY=
last-modified: Wed, 28 Jul 2021 15:22:03 GMT
server: cloudflare
etag: W/"f66c3c67f085d87b82e0c7a2204f0166"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: UetzaHg.i5Sj.4AvwCQHCn_rzxbdypFU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17c2937535d-FRA
expires: Fri, 29 Jul 2022 14:01:43 GMT

GET
H3-29 200 ThreadedResponsesSidebar.a6f5bdb2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 48ms
48ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.a6f5bdb2.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.a5bf5caf.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d74eecbdd43b1d9a073a69572dc9d5f2726ae317dd1e9bb2fac9e0c0bc4c94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18157
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1FEW0YTGDK6ZWNPY
x-amz-id-2: mxObpgcqeDNC91Qq+d9HXj56sgGf1rUy1vPBXhkNNiFkrB7aV3yoaCQmSd9TGgywN85i3PyCJZc=
last-modified: Wed, 28 Jul 2021 14:55:48 GMT
server: cloudflare
etag: W/"87f3cfaa63daa617594a244618938b02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tSg69gHj2SBlfhd5Avxi2NqeNn3viRwX
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6766e17c293a535d-FRA
expires: Fri, 29 Jul 2022 14:01:43 GMT

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 3 KB
1 KB 507ms
506ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e9df234ccaf8f5e9d8c5b55be076b5fb2fece269c2854ff167c1036b8025c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; dd_cookie_test_038a77b2-1422-4a58-a3a0-88b081124517=test; _dd_s=rum=0&expire=1627568203092; dd_cookie_test_e0aa3ced-ab41-4758-88c0-061735b4ee52=test; dd_cookie_test_28d5824f-1eaa-43fb-9ce6-53189eee2d95=test
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 3223
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
graphql-operation: PublisherSidebarFollowsQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
Graphql-Operation: PublisherSidebarFollowsQuery
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 347
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"a76-7C52V9v5YYalJFmBEtExl+iuGfY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 223
cf-ray: 6766e17d5dfb3628-MAN
x-request-received-at: 1627567303343

POST
H3-29 200 graphql Show response
posts.bluraven.io/_/ 94 B
629 B 456ms
455ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

959894ee3e8d6bacdf9419f2d8f81de021459cd59904033dbe90cd589ad41f5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 5ef8315b2802ab5a
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; dd_cookie_test_038a77b2-1422-4a58-a3a0-88b081124517=test; _dd_s=rum=0&expire=1627568203092; dd_cookie_test_e0aa3ced-ab41-4758-88c0-061735b4ee52=test; dd_cookie_test_28d5824f-1eaa-43fb-9ce6-53189eee2d95=test
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210729-083823-199098d1db
content-length: 5605
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
medium-frontend-path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
apollographql-client-version: main-20210729-083823-199098d1db
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 48c36d5d889d7aff
Medium-Frontend-Path: /detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
Medium-Frontend-App: lite/main-20210729-083823-199098d1db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210729-083823-199098d1db
ot-tracer-spanid: 5ef8315b2802ab5a

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 322
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"5e-uQOzFuAmgeTZvCIfaubNk5W8szc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, rito/main-20210729-123158-e6d489bb37, tutu/main-20210729-044416-f67966c436
medium-missing-time: 3
cf-ray: 6766e17d5e013628-MAN
x-request-received-at: 1627567303322

GET
H3-29 200 1*BEXOU5IGsN92Sb_9_i5zjg.png
miro.medium.com/max/571/ 15 KB
15 KB 164ms
163ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/571/1*BEXOU5IGsN92Sb_9_i5zjg.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9875d5c007ac1f0ec5a4b3fa3113ca4f7d254283f93ea6da42914baca710d79e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 76
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15239
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6766e17e0e64535d-FRA
expires: Sat, 28 Aug 2021 14:01:43 GMT

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 153ms
153ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; dd_cookie_test_038a77b2-1422-4a58-a3a0-88b081124517=test; _dd_s=rum=0&expire=1627568203092; dd_cookie_test_e0aa3ced-ab41-4758-88c0-061735b4ee52=test; dd_cookie_test_28d5824f-1eaa-43fb-9ce6-53189eee2d95=test; dd_cookie_test_50e25845-ea47-445b-9e90-f45189d41756=test; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_f656da40-5a95-4b03-8bd4-bba6677f133c=test
content-length: 195
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 7
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e17eafb73628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 186ms
186ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; dd_cookie_test_038a77b2-1422-4a58-a3a0-88b081124517=test; _dd_s=rum=0&expire=1627568203092; dd_cookie_test_e0aa3ced-ab41-4758-88c0-061735b4ee52=test; dd_cookie_test_28d5824f-1eaa-43fb-9ce6-53189eee2d95=test; dd_cookie_test_50e25845-ea47-445b-9e90-f45189d41756=test; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_f656da40-5a95-4b03-8bd4-bba6677f133c=test; dd_cookie_test_30aa3b3b-e858-4abd-bbf3-9d28775dfd16=test
content-length: 240
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 9
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e17ebfbc3628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 141ms
140ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test
content-length: 240
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 7
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e1832cf83628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 307ms
305ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test
content-length: 240
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 5
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e1833d013628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: t.co
URL: https://t.co/QNLqtjWkg5?amp=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5541
date: Thu, 29 Jul 2021 12:29:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 29 Jul 2021 14:29:23 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 93ms
33ms Script
text/javascript 13.224.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: t.co
URL: https://t.co/QNLqtjWkg5?amp=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-99-23.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: qarmcwXsLN.jA_Lr9PtDBnGJTnfPptaQ
content-encoding: gzip
last-modified: Mon, 24 May 2021 20:22:06 GMT
server: AmazonS3
age: 72
etag: "611960e84a5f2287a232699af98b27d9"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 cd66c5a89ae3376f15c155e3b52a758d.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Thu, 29 Jul 2021 14:00:32 GMT
x-amz-cf-pop: ZRH50-C1
content-length: 23842
x-amz-cf-id: gOrAl7HyQe_Zc6bcEvPk4JJlrnmFXr9VpGgmUxMTnyw8J7f5YlF3Fw==

GET
H3-29 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 31ms
31ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.bluraven.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8412481
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6766e1854a4b16e6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 29 Jul 2022 14:01:44 GMT

GET
H3-29 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/135/ 4 KB
4 KB 29ms
28ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2348194
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cached-on: Fri, 02 Jul 2021 09:34:39 GMT, Fri, 02 Jul 2021 09:40:57 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4048
pragma: public
sepia-upstream: medium
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 6766e185da54535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/135/ 4 KB
5 KB 29ms
29ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2347786
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cached-on: Wed, 30 Jun 2021 07:14:29 GMT, Fri, 02 Jul 2021 09:40:57 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4354
pragma: public
sepia-upstream: medium
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210617-165854-e4900a530f
accept-ranges: bytes
cf-ray: 6766e185da57535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 1*QetsZNud-IhpScZxKiVgUg.jpeg
miro.medium.com/fit/c/20/20/ 882 B
1 KB 108ms
107ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*QetsZNud-IhpScZxKiVgUg.jpeg

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca2c461caa017b830e013b2598a4aba24c72e5f55127b6cef479688ed3b771f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 882
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 6766e1862ae9535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 1*T76EgjtWu9n4YagNcYcf3Q.png
miro.medium.com/fit/c/20/20/ 988 B
1 KB 104ms
104ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*T76EgjtWu9n4YagNcYcf3Q.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be37c0fb57ec713418339538dfdcbf76d4f81206cb3cd12d57b670ef05fa5bc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 86
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 988
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 6766e1862aed535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 0*888-kwdspzu5MKfg.jpg
miro.medium.com/fit/c/20/20/ 1004 B
1 KB 38ms
37ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*888-kwdspzu5MKfg.jpg

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c75275aec56d790a4bdc229256f894e74c55fc9bf803117b127c31f8d334aba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 271
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1004
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210524-162717-f383c62fea
accept-ranges: bytes
cf-ray: 6766e1862af4535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 1*yFp1VmXHPcrYrYrDNlD_7A.png
miro.medium.com/fit/c/20/20/ 258 B
696 B 129ms
129ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*yFp1VmXHPcrYrYrDNlD_7A.png

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2275818f67e5eb48a475e1b6078f2fd32b0bc869c46b48e0cc0a47026a32fb00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 73
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 258
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 6766e1862af6535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

GET
H3-29 200 1*4IkVg3KcPy35k2ibhWmaag.jpeg
miro.medium.com/fit/c/20/20/ 989 B
1 KB 111ms
110ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*4IkVg3KcPy35k2ibhWmaag.jpeg

Requested by

Host: posts.bluraven.io
URL: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c3b1287f6309b00ef4aab1b14affa565d35f570be101411b36cc026b6cc94d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 989
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 6766e1862afa535d-FRA
expires: Sat, 28 Aug 2021 14:01:44 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=152926835&t=pageview&_s=1&dl=https%3A%2F%2Fposts.bluraven.io%2Fdetecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Detecting%20PetitPotam%20AD%20CS%20and%20other%20Domain%20Controller%20Account%20Takeovers%20%7C%20by%20Mehmet%20Ergene%20%7C%20Jul%2C%202021%20%7C%20Medium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=618918876&gjid=1964196529&cid=2124129923.1627567305&tid=UA-24232453-2&_gid=1310248234.1627567305&_r=1&_slc=1&z=187730499

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 14:01:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.bluraven.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 90 B
564 B 213ms
185ms Script
text/javascript 2600:9000:2190:d000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.2&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:d000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

44262f71476ba8c64683bf6057641797a6bd415b1a42811d7b48201e333ba517

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: ZRH50-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-i4Qop3+SMbq96tf/f2H/INx7CPQ"
x-amz-cf-id: ULEKtmsyg0IYUSYlteCoMTGcOwDP3DvMn_wXBCsFpD1aFfQck5jJVw==

POST reports
lightstep.medium.systems/api/v0/ 0
0

OPTIONS
H2 503 reports
lightstep.medium.systems/api/v0/ 0
0 157ms
134ms Preflight
text/plain 2606:4700:3032::6815:5081
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3032::6815:5081 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.bluraven.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
content-type: text/plain
content-length: 91
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BByCpBmskhOMVs4IgaKP8latCyhkgtBhcA%2B6FF2Zzfm%2FAhSjZb3HNc8lWuCMzX4PS%2FfymVicKZzSsJIGGv1V0huOkMHRIxfVIxbfcQauBho6HvA4nvFaJWLqOeRC7phDIWDFimcPFQTjVx8kdmqgdnQHBkk%2Feg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6766e1875da72bb9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
626 B 204ms
176ms XHR
application/json 2600:9000:2190:8e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:8e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8ba03bf70a0f0e21212e5fd93041a167ea3b0053383173213fdeef2b14b46c8f

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: a8942f4e11a74074b75295ee6472c108-2021072914
content-length: 312
x-amz-cf-id: 8LFRMfxLgtlCgRQHLT6hSa7RNC9KR03c3rtNGVjjxJqDd-LtMTwIww==

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ 0
0 419ms
102ms Preflight
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://posts.bluraven.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://posts.bluraven.io
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Thu, 29 Jul 2021 14:01:45 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
243 B 103ms
102ms XHR
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://posts.bluraven.io
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Thu, 29 Jul 2021 14:01:45 GMT
Content-Type: text/plain

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 226ms
226ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test; _ga=GA1.2.2124129923.1627567305; _gid=GA1.2.1310248234.1627567305; _gat=1
content-length: 1633
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 6
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e187ca7f3628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 155ms
155ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test; _ga=GA1.2.2124129923.1627567305; _gid=GA1.2.1310248234.1627567305; _gat=1
content-length: 1633
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 6
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e187ca863628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 /
posts.bluraven.io/_/clientele/reports/performance/ 0
0 406ms
406ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test; _ga=GA1.2.2124129923.1627567305; _gid=GA1.2.1310248234.1627567305; _gat=1
content-length: 1633
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 13
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e, clientele/main-20210709-175524-eebd6c4731
cf-ray: 6766e187ca893628-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

POST
H3-29 200 rum Show response
posts.bluraven.io/cdn-cgi/ 0
167 B 35ms
31ms XHR
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/cdn-cgi/rum?req_id=6766e16f0e363628

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_6f8b0b565a50; sid=1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==; optimizelyEndUserId=lo_6f8b0b565a50; __cfruid=99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303; _dd_s=rum=0&expire=1627568203092; lightstep_guid/lite-web=4c79ace33f87f831; lightstep_session_id=4176ad9c1e4338c1; dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea=test; dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c=test; dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce=test; dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474=test; dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa=test; dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a=test; _ga=GA1.2.2124129923.1627567305; _gid=GA1.2.1310248234.1627567305; _gat=1
content-length: 22021
:path: /cdn-cgi/rum?req_id=6766e16f0e363628
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://posts.bluraven.io
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6766e187da8c3628-MAN
vary: Origin

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
565 B 216ms
216ms XHR
application/json 2600:9000:2190:8e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

02f51a27d1d26a4d88d7fed33eb58fb1914eb6af0bda6cc2012619db6ddd9be8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: ZRH50-C1
x-powered-by: Express
etag: W/"b4-elNh4jE1VOYPou+ueKqhgCxWkF4"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 1f594ab37aa8409685cb15184757fed0-2021072914
content-length: 180
x-amz-cf-id: dZsNEwfESLQgARuLTQmZRwuID33-PM9bIJGkh-Yrm2mGdDCzRSjwig==

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 117ms
117ms Fetch
application/json 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 29 Jul 2021 14:01:45 GMT
content-length: 2
content-type: application/json

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 507ms
96ms Preflight 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://posts.bluraven.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 207ms
207ms XHR
application/json 2600:9000:2190:8e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:8e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 61dd6e3ba0fb464293d9cc8f5e98b067-2021072914
content-length: 28
x-amz-cf-id: -hrMKJHKDBQu4APIF3P1Gf_GACXEhYdSZrxX6I5q-KqXrGiWJncoBQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 361ms
361ms XHR
application/json 2600:9000:2190:8e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:8e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 29 Jul 2021 14:01:45 GMT
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: a27f2e81c97146ed81b3c1210a12733c-2021072914
content-length: 28
x-amz-cf-id: jctXghNzTHx5k3TJEaSlXon_qYEhgKiEewaxed7iaWfg4ytH-czwBw==

POST
H2 200 batch Show response
posts.bluraven.io/_/ 17 B
279 B 619ms
619ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.bluraven.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://posts.bluraven.io
x-xsrf-token: 1
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
content-length: 11989
:path: /_/batch
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.bluraven.io
referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.bluraven.io/detecting-petitpotam-and-other-domain-controller-account-takeovers-d3364bd9ee0a
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Thu, 29 Jul 2021 14:01:48 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json
vary: Accept-Encoding
medium-fulfilled-by: edgy/4, valencia/main-20210728-235701-3844dd290e
x-envoy-upstream-service-time: 147
set-cookie: uid=lo_7bb09a754737; Path=/; Expires=Fri, 29 Jul 2022 14:01:48 GMT; HttpOnly; Secure __cfruid=c6c064c72a530a35197418b8438fb1788b3cabd1-1627567308; path=/; domain=.posts.bluraven.io; HttpOnly; Secure; SameSite=None
cf-ray: 6766e19b7a48d20c-MAN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17

POST reports
lightstep.medium.systems/api/v0/ 0
0

OPTIONS
H2 503 reports
lightstep.medium.systems/api/v0/ 0
0 143ms
143ms Preflight
text/plain 2606:4700:3032::6815:5081
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3032::6815:5081 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.bluraven.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Jul 2021 14:01:51 GMT
content-type: text/plain
content-length: 91
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1QPhPYsl91DzrsydJOGF1ckDLF9%2BdFIi1ow3xYOJCUBYQ3uU8SNbkE99nLa4JwrXOyTFfA7HnxKtwiKqPuI%2FArwEZXfpKZpBzlLFR9z91hOYh2GR9w877uEH6bXLIKKam9xhb3STOnE%2B8s5k8RnEa3WtRqPpQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6766e1ad3ee52bb9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lightstep.medium.systems
URL: https://lightstep.medium.systems/api/v0/reports

Domain: lightstep.medium.systems
URL: https://lightstep.medium.systems/api/v0/reports

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bluraven.io/	1970-01-20 13:37:19	Name: _ga Value: GA1.2.2124129923.1627567305
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_3f10d56b-b2b5-45d8-ac41-169cfbc7071a Value: test
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_c8b54204-a31d-4680-97ac-93aebfd963fa Value: test
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_b10ea737-bf47-4127-8667-be986c510474 Value: test
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_9a9fa8d1-c8e9-4d66-884f-cd242d92217c Value: test
posts.bluraven.io/	1970-01-19 20:06:08	Name: _dd_s Value: rum=0&expire=1627568203092
posts.bluraven.io/	1970-01-19 20:16:12	Name: lightstep_session_id Value: 4176ad9c1e4338c1
.bluraven.io/	1970-01-19 20:06:07	Name: _gat Value: 1
.bluraven.io/	1970-01-19 20:07:33	Name: _gid Value: GA1.2.1310248234.1627567305
posts.bluraven.io/	1970-01-19 20:16:12	Name: lightstep_guid/lite-web Value: 4c79ace33f87f831
posts.bluraven.io/	1970-01-20 04:51:43	Name: optimizelyEndUserId Value: lo_6f8b0b565a50
.posts.bluraven.io/	1969-12-31 23:59:59	Name: __cfruid Value: 99afc5cb4820986d8c049d3e732a99091b67bf85-1627567303
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_172003eb-63d4-4c6b-9895-0cef065ff4ce Value: test
posts.bluraven.io/	1970-01-19 20:06:07	Name: dd_cookie_test_662b314e-eaab-43a9-9782-a3ffc88380ea Value: test
posts.bluraven.io/	1970-01-20 04:51:43	Name: sid Value: 1:3B2LKFUxhKsUsRZ+T1nWt8HuX1sgHfs5ogsrRieuB3cmRIwKke4qORnVyTALczsLMZ4UNDwjfRLqVPuOYj6t1Q==
posts.bluraven.io/	1970-01-20 04:51:43	Name: uid Value: lo_6f8b0b565a50

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.c1791826.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
errors.client.optimizely.com
glyph.medium.com
lightstep.medium.systems
link.medium.com
medium.com
miro.medium.com
posts.bluraven.io
rsci.app.link
static.cloudflareinsights.com
t.co
www.google-analytics.com
lightstep.medium.systems
104.244.42.5
13.224.99.23
13.57.121.49
162.159.153.4
2600:1f18:24e6:b901:a5bf:d48:8f31:c6c5
2600:9000:2190:8e00:11:f728:3040:93a1
2600:9000:2190:ac00:19:9934:6a80:93a1
2600:9000:2190:d000:19:9934:6a80:93a1
2606:4700:3032::6815:5081
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:5f41
2a00:1450:4001:828::200e
2a02:26f0:6c00:2b7::13b8
52.72.27.138
00678d84f34008f5f240d194ee80af4e17bcbc2b4aa552ccc1a71fc32542996b
00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac
0286c4cd53c88b8bf7e8cd4d2d6ab1e76c4a5c54b7081fb0a45cad7f30ff5e3a
02f51a27d1d26a4d88d7fed33eb58fb1914eb6af0bda6cc2012619db6ddd9be8
038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165
046b63e87de2c1a2348ac72a42d9919b307b0daa5da84a92ee4cd685401c43b9
0bffd86a9718f167caf12cd9a4f24b3e86f7789f918d472249976fb90122e654
0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
0fcdf1b9c29d79fa8679eeefa1573c239bc5bea4dd2eed064fc6e2a0d1c97f4b
15448e7caa99c8a2625550634b1ca141e05796c376e99258057d792435231a9c
1bd46284abee72dbe93295f7b04a7297e851545b95fb9aa5e91237ff7b03fcf4
1df64477657fc39fda0471e018fcf7b888f6287e22e1f7da038cefa650532293
1e1fe8bf6596a9d50a1bcec78ac5323c0c7adc44317312513e349ae955bb61d6
2275818f67e5eb48a475e1b6078f2fd32b0bc869c46b48e0cc0a47026a32fb00
23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7
2b6485bfbcb7e3aab863c5eed03e20d52e6ca7faaaff00f33559cab8a43864a1
3093c1c942dcdc1048de34714d04cea8a1dfa69f1c2164dbec7c4494fab1e883
31841c0553a88ef72572428c8afe8696d589e27364b961199d15589399f73b50
37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44262f71476ba8c64683bf6057641797a6bd415b1a42811d7b48201e333ba517
48a83f55c7f2365ada26b4fe13b0bbe33a65e8536cc5f78e820228ace499727a
5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285
685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629
69ddf50a27f7d92397724e90079d5d899c20488b4bfa138be742398bf6629d7e
6acc85150ea38dbd83f49fdc685b2aa83a29959a74fb435aafd874c6d9a21ce3
6ca2c461caa017b830e013b2598a4aba24c72e5f55127b6cef479688ed3b771f
72b3fc03c6f71dc1093a6b99778e58d9d48cf113a292c8abd4a218ff6fa0fd0d
78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee
7906af2d894a3d44ff1ec06feeb68e2ba73592d352ea46f750a7812b8b077541
828146603e56e76454e682d2eb73ebfa7e797baf8fdec31989f1f46bd9b1581c
83788be5811b59e17e25d6c585494302ebd654e718f77554b48a85a46a3e22df
871f0d0eeff126b2d40b4befa97f7b74b3b62bd2fa6fc4ac58b46df09090fb64
8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d
8ba03bf70a0f0e21212e5fd93041a167ea3b0053383173213fdeef2b14b46c8f
8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d
8d1f284928f13cdec7b8185b66c2827c65f0a093f58e6e9aae2b030b9583579a
8e039a45cebc2581d5b9a67fbe4b2b00abfcbc22e3640f50f803b0eb578c886c
8ecee62070357edab5727659cb134bea62b8db3d37b0c8bc76a89f7fa53d6d99
92572895a32d8208bb119c210a1db6331bf2492d6a6a0364467b612875512129
94e92593d6d7615639dd2cabe74fe55828eb97d57267420e88280b150321c8ba
959894ee3e8d6bacdf9419f2d8f81de021459cd59904033dbe90cd589ad41f5c
971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea
9875d5c007ac1f0ec5a4b3fa3113ca4f7d254283f93ea6da42914baca710d79e
9971503ea5cbc832b9d030f04e7c4f4124148bc50c1d7f5dc16af968c6fccb27
9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16
9d74eecbdd43b1d9a073a69572dc9d5f2726ae317dd1e9bb2fac9e0c0bc4c94a
9e9df234ccaf8f5e9d8c5b55be076b5fb2fece269c2854ff167c1036b8025c11
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a06d347eb26628b07a89f26663e9d689e8bb26c502173c75ab7baaef4ae0f88b
a18667452e11275bb7d1ba2c633defe922519dd81d9d29f1d60a5d53c76a1fad
a2b6b08e0920e67ccbb484f04c75acc1a4f4b7b4cf7f23753c5e88d164c12e5f
a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ad12ec9a2eba580842055e96409b60a39ee650a18dd9fbe784e3a3f44d0f215e
aef3def83c8a646f76a07e547597f9ecb1c15f045184de71db7cd114580449df
b55d0d347de2ab251232dc88b19e4ea0c558a0a6b61ceb5147cf426117b7025f
b8aecc772988b29a46774bb5c5e2dd3373fca5cfab4122338414f41cfb6b656e
b937bb95aee14bc0c2b8bcff6f39490a8845f18f86a192b1c0a001a5232616f1
bbd0ec2901332e0a1bf7c030a2ab761e119615ca1feb6a3d2944bf8a8f2a2fb7
bc7f5374915934df088c3de24215c20584ac328b642eddf2f7b892d2acf42455
be37c0fb57ec713418339538dfdcbf76d4f81206cb3cd12d57b670ef05fa5bc9
bfbc5e87561169bfa5b0821ab995cbcfc9e27a58901d4a0bd07e68962a7aa85f
c0b96e1dcb807768651c6bb2ad8141464f4b7ef5364cc1f69bd5268e91334906
c33b11a0ef4f62781947148f767a4060c0c9fbd5f7d2f56374d8deca94012062
c4affe9ac5e69dc6e99fa81c52963f3e3dcee77676122ae31f47ace08a88e72e
c5f83dc888d62e8a61ace73fc8a0d1426bf6c398f3ef62bfe734fc1edf2e1dd2
c75275aec56d790a4bdc229256f894e74c55fc9bf803117b127c31f8d334aba4
c7682fb89236766d039f9c72f89dca916ef0003a9c43eba22ca9704194c15115
c844834ff7cbeb0325495f69968e0a332acc440daf50e8297e707270c733254b
cc20c20cdbaaa71056961219be10f09df0427b225e3c51291c0688d4e20e594b
d7c3b1287f6309b00ef4aab1b14affa565d35f570be101411b36cc026b6cc94d
e0b9a2076b48c1e07a781fb9183d338b42e54fc014324fa0e7c597ae2e1a1dba
e36f60c1e0446888159ec0619803a3767652dea057c46ee478322511d1c4bb34
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f35ff60ed98c7d2d3a27a9b8749a5bbf68abeeddac20fd9008cda90c8c58ca9e
f533eb639be3ba90e9031b71779c52cdc20698da99dc51b3b5ac2f91e7134aaf
f645c0679c81df44a885fe643440b95b9c14237f81923935f99e8954ebae9fd6
f67d490239e98164bc4304ae4f91e5f0b6f23dc10b5866fb98653df050b77112
f701c887b2e25cd543a5a533fcecf7ba585c4adbadf14463a9ff998a6ab3c7d5
ff42ec6e6b9381e02b7306d3fa15cdd409fc3c73fb18733526af29f721587864
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1
ff9c6e1289121eb2965730e7f788666427f0c86802494f6197af3262fbb59764

posts.bluraven.io Open in urlscan Pro 162.159.153.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

103 Requests

98 %HTTPS

67 %IPv6

10 Domains

17 Subdomains

14 IPs

3 Countries

1262 kBTransfer

3411 kBSize

16 Cookies

34 Outgoing links

Page URL History

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

posts.bluraven.io Open in urlscan Pro
162.159.153.4 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

98 %
HTTPS

67 %
IPv6

10
Domains

17
Subdomains

14
IPs

3
Countries

1262 kB
Transfer

3411 kB
Size

16
Cookies

103 HTTP transactions
0 data transactions