www.blackhillsinfosec.com Open in urlscan Pro
2606:4700:3108::ac42:2ae0 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
Submission: On February 19 via api (February 19th 2024, 9:14:53 am UTC) from BE — Scanned from DE

Summary HTTP 52 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 52 HTTP transactions. The main IP is 2606:4700:3108::ac42:2ae0, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.blackhillsinfosec.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 6th 2023. Valid for: a year.

This is the only time www.blackhillsinfosec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18 59	2606:4700:310... 2606:4700:3108::ac42:2ae0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
52	7

59 2606:4700:3108::ac42:2ae0 (United States) 18 redirects

ASN13335 (CLOUDFLARENET, US)

www.blackhillsinfosec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
blackhillsinfosec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	blackhillsinfosec.com 18 redirects www.blackhillsinfosec.com blackhillsinfosec.com	3 MB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	337 KB
3	gstatic.com fonts.gstatic.com	129 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	21 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 113	353 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 996	7 KB
52	6

	Domain	Requested by
42	www.blackhillsinfosec.com	1 redirects www.blackhillsinfosec.com static.cloudflareinsights.com
17	blackhillsinfosec.com	17 redirects
4	www.googletagmanager.com	www.blackhillsinfosec.com www.googletagmanager.com
3	fonts.gstatic.com	www.blackhillsinfosec.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.cloudflareinsights.com	www.blackhillsinfosec.com
52	7

This site contains links to these domains. Also see Links.

Domain
www.antisyphontraining.com
mailchi.mp
www.activecountermeasures.com
wildwesthackinfest.com
podcasts.apple.com
blackhillsinfosec.com
www.youtube.com
discord.gg
www.linkedin.com
spearphish-general-store.myshopify.com
twitter.com
antisyphontraining.com
www.hasecuritysolutions.com
www.data-sentry.com
itunes.apple.com
www.stitcher.com

Subject Issuer	Validity	Valid
blackhillsinfosec.com Cloudflare Inc ECC CA-3	`2023-05-06` - `2024-05-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
Frame ID: F05719C23B4268DAE198A134D4DE89BF
Requests: 52 HTTP requests in this frame

Frame: https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Frame ID: 8FBC31A24466F194516901022A868733
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Powershell Without Powershell - How To Bypass Application Whitelisting, Environment Restrictions & AV - Black Hills Information Security Black Hills Information Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

52
Requests

65 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

3078 kB
Transfer

4211 kB
Size

6
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://www.antisyphontraining.com/event/2024-most-offensive-summit-bypass-edition/
Title: Join us for the Most Offensive Con that Ever Offensived – Bypass Edition on March 13, 2024!

Search URL Search Domain Scan URL

URL: https://mailchi.mp/blackhillsinfosec.com/bhis-sign-up
Title: Email Sign-Up

Search URL Search Domain Scan URL

URL: https://www.activecountermeasures.com/free-tools/rita/
Title: RITA

Search URL Search Domain Scan URL

URL: https://wildwesthackinfest.com/
Title: Conference

Search URL Search Domain Scan URL

URL: https://podcasts.apple.com/us/podcast/black-hills-information-security/id1410835265
Title: Podcasts

Search URL Search Domain Scan URL

URL: https://blackhillsinfosec.com/events
Title: Upcoming Events

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/BlackHillsInformationSecurity/videos
Title: Webcasts

Search URL Search Domain Scan URL

URL: https://discord.gg/BHIS
Title: Discord

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/black-hills-information-security/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://spearphish-general-store.myshopify.com/
Title: T-Shirts & Hoodies

Search URL Search Domain Scan URL

URL: https://twitter.com/BHinfoSecurity
Title: Twitter

Search URL Search Domain Scan URL

URL: https://antisyphontraining.com/
Title: Training

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=DzC8jJ0ESJ0
Title: Sacred Cash Cow tipping series

Search URL Search Domain Scan URL

URL: https://www.antisyphontraining.com/pay-what-you-can/
Title: Pay-What-You-Can Training

Search URL Search Domain Scan URL

URL: http://www.hasecuritysolutions.com/
Title: Justin Henderson

Search URL Search Domain Scan URL

URL: https://blackhillsinfosec.com/
Title: Brian Fehrman (fullmetalcache)

Search URL Search Domain Scan URL

URL: http://www.data-sentry.com/
Title: Tim Pierson

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/black-hills-information-security

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@BlackHillsInformationSecurity/

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/podcast/black-hills-information-security/id1410835265?mt=2

Search URL Search Domain Scan URL

URL: https://www.stitcher.com/podcast/black-hills-information-security

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz

Request Chain 13

https://blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2 HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2

Request Chain 14

https://blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s

Request Chain 15

https://blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8 HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8

Request Chain 16

https://blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i

Request Chain 17

https://blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy

Request Chain 18

https://blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo

Request Chain 19

https://blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94 HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94

Request Chain 20

https://blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh

Request Chain 21

https://blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK

Request Chain 22

https://blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm

Request Chain 23

https://blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_ HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_

Request Chain 24

https://blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk

Request Chain 25

https://blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95 HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95

Request Chain 26

https://blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe

Request Chain 27

https://blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS

Request Chain 28

https://blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8 HTTP 301
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8

Request Chain 41

https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js

52 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/ 198 KB
34 KB 236ms
52ms Document
text/html 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87820fa502a1bc3d21f3f4dc6f544423c449578302e2d1a2dd1cf097690fd7b6

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 122238
alt-svc: h3=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 857d66d57fe503f8-FRA
content-encoding: br
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"
date: Mon, 19 Feb 2024 09:14:48 GMT
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
last-modified: Sat, 17 Feb 2024 00:11:28 GMT
link: <https://www.blackhillsinfosec.com/wp-json/>; rel="https://api.w.org/", <https://www.blackhillsinfosec.com/wp-json/wp/v2/posts/5257>; rel="alternate"; type="application/json", <https://www.blackhillsinfosec.com/?p=5257>; rel=shortlink
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
referrer-policy: same-origin
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tec-api-origin: https://www.blackhillsinfosec.com
x-tec-api-root: https://www.blackhillsinfosec.com/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: 1; mode=block

GET
H2 200 frontend.min.css
www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/css/ 29 KB
6 KB 36ms
34ms Stylesheet
text/css 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/css/frontend.min.css?ver=4.2.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

316a308f7f072efd9044e2bad379035a4e5f1d27ff9fece18bf829162aea0e50

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Thu, 28 Sep 2023 15:42:02 GMT
server: cloudflare
etag: W/"731d-6066d26304042"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/css
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82003f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 tribe-events-pro-mini-calendar-block.min.css
www.blackhillsinfosec.com/wp-content/plugins/events-calendar-pro/src/resources/css/ 655 B
395 B 37ms
37ms Stylesheet
text/css 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/events-calendar-pro/src/resources/css/tribe-events-pro-mini-calendar-block.min.css?ver=6.3.1

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d330f53cdfd25a188faebfc07535a76190bcc529946b09c74d0971e84b53cd

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Wed, 24 Jan 2024 21:11:52 GMT
server: cloudflare
etag: W/"28f-60fb7830b4d92"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/css
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82203f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 simple-banner.css
www.blackhillsinfosec.com/wp-content/plugins/simple-banner/ 383 B
399 B 34ms
33ms Stylesheet
text/css 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/simple-banner/simple-banner.css?ver=2.17.0

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6548eebed7e17fdcf480962fc28d83ca014a0f349a3b20dcf4141ba71aa9c3d0

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 375838
cf-polished: origSize=470
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Sat, 23 Dec 2023 09:12:05 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1d6-60d29b9ffaa84"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/css
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82403f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 dark-mode.min.js Show response
www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/js/ 60 KB
20 KB 39ms
39ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/js/dark-mode.min.js?ver=4.2.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d230fa6c14bf1f2df177f38c46f0d091f90ea57753e36e035616a381bd43a2db

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Thu, 28 Sep 2023 15:42:02 GMT
server: cloudflare
etag: W/"ee60-6066d26309e02"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82503f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 frontend.min.js Show response
www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/js/ 5 KB
2 KB 36ms
35ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/js/frontend.min.js?ver=4.2.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c212910ebf54b89de652fda2a870facc0e7c9b0b9bc0975fe399df1d1087de

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Thu, 28 Sep 2023 15:42:02 GMT
server: cloudflare
etag: W/"137d-6066d26309e02"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82603f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 jquery.min.js Show response
www.blackhillsinfosec.com/wp-includes/js/jquery/ 86 KB
33 KB 40ms
39ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Tue, 07 Nov 2023 21:12:43 GMT
server: cloudflare
etag: W/"15601-609966e753798"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82703f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 simple-banner.js Show response
www.blackhillsinfosec.com/wp-content/plugins/simple-banner/ 4 KB
2 KB 40ms
40ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/simple-banner/simple-banner.js?ver=2.17.0

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b785fabfc0d6ccb3e952c93eb5e67c3904a047168f60a0ce280a65df5c56ab

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 208983
cf-polished: origSize=5993
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Sat, 23 Dec 2023 09:12:05 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1769-60d29b9ffaa84"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d5d82803f8-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 279 KB
93 KB 54ms
31ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-K525RNT

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cdc579f122b1ddc7db5d42ac62b99c8547d36d3d27d3b57498d0e4561def37d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 19 Feb 2024 09:14:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
70 KB 45ms
22ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-71314509-1

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

98bfb841b45a93e4cab3ce8d0c070a55d456523ff17199bc2ccce879c8f04a50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 70838
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 19 Feb 2024 09:14:48 GMT

GET
H3 200 BHIS-logo-web.png
www.blackhillsinfosec.com/wp-content/uploads/2016/03/ 10 KB
10 KB 30ms
28ms Image
image/webp 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/2016/03/BHIS-logo-web.png

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edf63dde17660036cc14e0c6457bad82a9faab6dd361d24fb345626a8b3dfd65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 1419077
cf-polished: origFmt=png, origSize=23931
content-disposition: inline; filename="BHIS-logo-web.webp"
alt-svc: h3=":443"; ma=86400
content-length: 10300
cf-bgj: imgq:85,h2pri
last-modified: Wed, 16 Mar 2016 21:35:57 GMT
server: cloudflare
etag: "5d7b-52e314c9a2940"
vary: Accept
content-type: image/webp
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d639b63a70-FRA

GET
H2 200 themify-2912279335.min.css
www.blackhillsinfosec.com/wp-content/uploads/themify-concate/923946930/ 193 KB
34 KB 31ms
30ms Stylesheet
text/css 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/themify-concate/923946930/themify-2912279335.min.css

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2a7588cd01babbee3fb91ef0b95637e51528207f8fa4da0534084608f68057f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 31 Jan 2024 13:40:15 GMT
server: cloudflare
age: 203710
etag: W/"30268-6103e04d32cd4"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2678400
cf-ray: 857d66d5e83503f8-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 00107_08312016_PowershellWithoutPowershell-1024x576.png
www.blackhillsinfosec.com/wp-content/uploads/2019/10/ 298 KB
299 KB 190ms
190ms Image
image/webp 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/2019/10/00107_08312016_PowershellWithoutPowershell-1024x576.png

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4ad2846179e7749900f37d1185c9a2832fb6169b4cfe605b66792bfabcc83a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=616256
content-disposition: inline; filename="00107_08312016_PowershellWithoutPowershell-1024x576.webp"
alt-svc: h3=":443"; ma=86400
content-length: 305504
cf-bgj: imgq:85,h2pri
last-modified: Mon, 07 Oct 2019 14:23:45 GMT
server: cloudflare
etag: "96740-59452cca2be40"
vary: Accept
content-type: image/webp
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d5e83603f8-FRA

GET
H3

200

1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz

175 KB
175 KB

352ms
352ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f059085638ebbf16849788555edad1cb08813d168d9101e2a54053c0f135f832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:43 GMT
server: cloudflare
etag: "2bcdc-579665c235dc0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a1d3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 179420

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/1JxPvUYMyVt9A1d0xDqE_-xEByqkHONJr7lWIxLG-EP05ke1qB8-Ko1uwWhQTHfzgBZM-LTcQ32DJ3_0qhwtDJii-V-xsy93Ou8gSI_9wAlQSAFWjHcByQcCtjacCiK9RHjYrDFz
cache-control: max-age=3600
cf-ray: 857d66d6487e03f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2

147 KB
147 KB

222ms
222ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1c844653806486dbdbae7e01698b4a5a0865d39d0a88244fcb0b14a0ee7d68f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:43 GMT
server: cloudflare
etag: "24a46-579665c235dc0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a133a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 150086

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/0Q2a53_4lpFqrhknI7Pr3yCq2LHdWyy_UaS4z4uOYWSosEMHCLkAAqr1drm9JBSdBZV76tZLkfYHX-C-93ta-ZlGY-E3zKRIYst_EzJAGrl6pn83Xy9IA41aR4hM5aPDhc5cJbx2
cache-control: max-age=3600
cf-ray: 857d66d6487c03f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s

33 KB
33 KB

216ms
216ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d5b782a7d0d4a86a3e4bdae3aec93849e3221645165f01c416216762b380a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:44 GMT
server: cloudflare
etag: "82a1-579665c32a000"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a1a3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 33441

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9htDgduwnpIopx6tEPoN3-M92xigsoxIuUkiQGr1vgLq528Z5YmfGyBYPJ86yEs9v08KnwmNo8-PhglJ7Nf6JRle8ASldnUYDhKgVd1tHDV50KSB2TADP05DjAmzAReMM-greo3s
cache-control: max-age=3600
cf-ray: 857d66d6488303f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8

129 KB
129 KB

216ms
216ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

606083c7e96a8f2473c9186b93c3c6c3a99c925e5599f57953202cf5c63bba97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:44 GMT
server: cloudflare
etag: "2028a-579665c32a000"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a1e3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 131722

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/9QX223XN3gsIrciAj_mmg3grNVXCLF-9S7xulMj32xk3L8FYWm00HJyAKMQWq3xsLmc1FXHZvplgGdvtOcf9CTkLTjPN16En7P4qILwDBflGQjHkRCynHswO3PfDBZBYZyPjfJM8
cache-control: max-age=3600
cf-ray: 857d66d6488103f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i

99 KB
99 KB

201ms
201ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecc79e0f4281cf9bbae1b44b2e06d319c399c0b45f18365a9a35c447eb5c9965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:44 GMT
server: cloudflare
etag: "18c5a-579665c32a000"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a163a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 101466

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/u-bPn52XHNwBw1nGl9o3n2DWRAu2xJKeCnHFvBJL4JeQf92rbzMssXJ5xp5Tl20yVM0X5atPXjVYlpe_CbnwBmEB_UNNB6PGVH4ay0GFwWs9yz_MABk-fysBFJbLXveQ6T0u6J2i
cache-control: max-age=3600
cf-ray: 857d66d6488603f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy

101 KB
101 KB

195ms
195ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad586ddb2e7d1af518297a72d0399ca80cdca776acf5874d7118555bf0c2d211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:44 GMT
server: cloudflare
etag: "194c4-579665c32a000"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d67a193a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 103620

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/tHNJiVLlx09Of8_Ulr1U781EztkLAWSfR3XMR_gqrVVulgmOVPtr5AHr5gWDgMzmqlOWNexTgZH-oODrWkqvm9fTA5HGUhbMlbBIisRhafpKITkJUb8Cxf-ajVQOz4qPjm5S_Pxy
cache-control: max-age=3600
cf-ray: 857d66d6488403f8-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo

224 KB
224 KB

214ms
213ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d791c291c3d11070769a8b7a5f33fe18a6e5e777c2767dfb44740f4f88dc6500

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:45 GMT
server: cloudflare
etag: "37e16-579665c41e240"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d69a373a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 228886

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/ubpnjcvdpXL232wKyXmOLREvjMY3lrfi34EN6SdDfgnMRIfF1LpTVlYsbZ_zpkJNb8H5965w1lTEdf2q2-cI-j3oo4RVFgpjwKiWlIhZF3Qkk_tdgE2rwEyAAx5A4ipsFVKwEboo
cache-control: max-age=3600
cf-ray: 857d66d66a033a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94

142 KB
142 KB

200ms
198ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3594a335ac0ef330ddaf5884a17477ce4dc10ae14480134107c2c0c4e39e7685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:45 GMT
server: cloudflare
etag: "238b5-579665c41e240"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa3f3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 145589

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/4k5cqBaqTX0uAF8kN9YrTsyRlxE4iF0NcGF8x8vDT9G-3E0OrbnmbKsD1QAusLFKewbu_mAmJaKrB7hnLsgKDfM4A6mWJvEaXMTOI-YDfPQsbKPHyYptlomxNlrbGUMyk8kxPF94
cache-control: max-age=3600
cf-ray: 857d66d66a053a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh

98 KB
98 KB

206ms
204ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bc029f4b2dc54fd7914784230e2827e77bdd32f269f43bc154b29c56f72e8bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:45 GMT
server: cloudflare
etag: "188d4-579665c41e240"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa413a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 100564

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/eJbjYOjwCitvmafnaTiMe3jm6m_hBzf7Z7J-cUxHVC-CpHLTolAsxLlJV5hXCZFcXGsLImBC2lhPx1wLpK1fKS49Dt3CbJFgCuI1T1IMJwgVsuPQJIrQi-OFdxIiHv_c-KBxfxDh
cache-control: max-age=3600
cf-ray: 857d66d66a063a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK

57 KB
58 KB

224ms
221ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd014c8e0f6e17e5e944d1b5816c57f1a1e6321f05969f81df7f9a9f352e719c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:46 GMT
server: cloudflare
etag: "e551-579665c512480"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa433a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 58705

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/pKowQh3qwv-RewDaGTxTSgXuDtpy8v9l8m6M88XTyXW1jPYF2vKD-8yn84BqPAXgNtTBhpx3gQm0wUdt1eluoniyoxrGTxXWNLHnrPyTcbWxYutJAizR-pl9t0ZJsnQBMHjw4KaK
cache-control: max-age=3600
cf-ray: 857d66d66a073a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm

48 KB
48 KB

208ms
205ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63c1ee2d3e77d647d2ab04b5b81aa338da2a44eea2baf1fd85f49077efcf6a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:46 GMT
server: cloudflare
etag: "bef5-579665c512480"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa453a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 48885

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/42_4PMxqV4En7H-oZbz4c7RWirBVHi61AFUG_C-T9LEo9WmBkkftSYFquxRot5b07eT6f5O_foabMiwo9xY3LXNrq0fRzNdjr1YiDlHouHazi2Rz8R3wQ28L2UDIOuGZOEWENjqm
cache-control: max-age=3600
cf-ray: 857d66d66a083a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_

125 KB
125 KB

220ms
220ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2772934e298fb8c592d2790936a51ed33fb40e1a1ea034b50d59c797d18cc4d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:46 GMT
server: cloudflare
etag: "1f2a4-579665c512480"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa4d3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 127652

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/-pPXH43U6mynT2Lr3RaSqVOixpJfuthwlMfTscAc42fBGD-sXDC47nl8LZNLg-UB88Rn1GbyO9JBnylSes8hVN0nCi0aNboZxAj7uV1CJvKrkoESAuka7m_wZe5TKCoaFeZ27L4_
cache-control: max-age=3600
cf-ray: 857d66d66a093a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk

15 KB
16 KB

209ms
206ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

717a4346a79ed1f2212fe007226abccbeda7d486dc74f35233a4e639b1aed3b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:46 GMT
server: cloudflare
etag: "3d40-579665c512480"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa463a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15680

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/h3OP298i1uMKrQ8I--p_zUJ8xVqCUg3SFYI15budYwiXJrBXalBSs8tpwJqTW8D_i3PGEqtkWxL62C8CJwQWJzpoaHcY-o9veWwRGKpAAAkQuvWC_OwviRysr65hzhmYhWyz8AMk
cache-control: max-age=3600
cf-ray: 857d66d66a0a3a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95

174 KB
174 KB

209ms
207ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c510fb850749f173d7f01526b9426edc04d0593b9844a5f7adb988402dd152f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:47 GMT
server: cloudflare
etag: "2b734-579665c6066c0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa473a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 177972

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/vhE9DdjMlIRXioSIIKEKghqUEvWUgd7MDxqMvF0AQi1QzhhtDyvUou6stvK4C-fdTaaPXnlKl8KTlspzsg68TyNWZg6nCZBP9XqHpUT_epWedcYuN2xg84rM9t-O1hGV4wlKQR95
cache-control: max-age=3600
cf-ray: 857d66d66a0b3a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe

182 KB
182 KB

216ms
215ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd9aa90f73f538ab763ff511f04701d2600d977d1b9dd1d2ad38f7a33972c350

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:47 GMT
server: cloudflare
etag: "2d8fd-579665c6066c0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa4a3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 186621

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/YExsNbQ6RaGu4dL9dF1eqvr11srCMc1M2cSqFL7cDb83CGYQ-HIb20YPK-A8qICj40piBFQVp6AW2B0IdTbWHIdb07KJ_QZCE5N2QhWzxYgDP1AoNQf3uhCv5XwMRz2iOT8lKjPe
cache-control: max-age=3600
cf-ray: 857d66d66a0d3a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS

136 KB
136 KB

209ms
208ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11243fecafe703bd79b43b8fc17a20c2115c89e270ddf79860394c2abc3363c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:47 GMT
server: cloudflare
etag: "22059-579665c6066c0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa4b3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 139353

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/PLA2xuTSgQg6aFz6IuQiH2lrLfis9fpzsV9hhUZAKadxro7nI0OpG4sQHC6L_DYeHfqikfSzpdHh9yG1ZHxJlqmbLMh3wcFUxE0LEP5LcrWXyv5zBIbOtuNAGlzCsaNePeUnq9iS
cache-control: max-age=3600
cf-ray: 857d66d66a0e3a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3

200

K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8
www.blackhillsinfosec.com/wp-content/uploads/legacy/
Redirect Chain

https://blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8
https://www.blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8

208 KB
209 KB

210ms
210ms

Image
image/png

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a4dcaa6e3f11c9e9ed2912637c553926aae013768ac89ea6d9fbbfae19e7d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Mon, 29 Oct 2018 23:23:47 GMT
server: cloudflare
etag: "341d0-579665c6066c0"
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d6aa4f3a70-FRA
alt-svc: h3=":443"; ma=86400
content-length: 213456

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
location: https://www.blackhillsinfosec.com/wp-content/uploads/legacy/K-BFS6kj8W8Dgk0-8Zk_H0r4sjjjR4_GIeS8c7beB88_NLC4gs7izrwoet3vWcrrD3hyxnIzlfwtYE4_JE2y0Sn4tsQaGjDV8LTSPnouKLd0Y44xfCXHLCnH2pBFZL4A3v14gh_8
cache-control: max-age=3600
cf-ray: 857d66d66a0f3a70-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 19 Feb 2024 10:14:48 GMT

GET
H3 200 AntiSyphon_3-1-150x150.png
www.blackhillsinfosec.com/wp-content/uploads/2022/11/ 5 KB
5 KB 33ms
32ms Image
image/webp 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/uploads/2022/11/AntiSyphon_3-1-150x150.png

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7fbe15811f66f1d93dc667757e908899c8cd44eb56498429bd7fb385b1bc4ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 665925
cf-polished: origFmt=png, origSize=9133
content-disposition: inline; filename="AntiSyphon_3-1-150x150.webp"
alt-svc: h3=":443"; ma=86400
content-length: 4996
cf-bgj: imgq:85,h2pri
last-modified: Tue, 08 Nov 2022 18:40:54 GMT
server: cloudflare
etag: "23ad-5ecf9e1481978"
vary: Accept
content-type: image/webp
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 857d66d639bd3a70-FRA

GET
H3 200 light.png
www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/images/btn-1/ 518 B
3 KB 61ms
60ms Image
image/webp 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/images/btn-1/light.png

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ac2c88c79d396a0a22b5d62358a4911d8f0e0f601b331cc84b7f9f100f95c69

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 1397175
cf-polished: origFmt=png, origSize=736
content-disposition: inline; filename="light.webp"
alt-svc: h3=":443"; ma=86400
content-length: 518
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Thu, 28 Sep 2023 15:42:02 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "2e0-6066d26304fe2"
vary: Accept, Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: image/webp
x-frame-options: SAMEORIGIN
cache-control: max-age=2678400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
accept-ranges: bytes
cf-ray: 857d66d639c13a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 dark.png
www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/images/btn-1/ 478 B
3 KB 62ms
61ms Image
image/webp 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blackhillsinfosec.com/wp-content/plugins/wp-dark-mode/assets/images/btn-1/dark.png

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8908f922e0aca4a1862ea6e4b4f4add60eb6939127773203103944e8c18fa31

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 1397164
cf-polished: origFmt=png, origSize=675
content-disposition: inline; filename="dark.webp"
alt-svc: h3=":443"; ma=86400
content-length: 478
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Thu, 28 Sep 2023 15:42:02 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "2a3-6066d26304fe2"
vary: Accept, Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: image/webp
x-frame-options: SAMEORIGIN
cache-control: max-age=2678400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
accept-ranges: bytes
cf-ray: 857d66d639c43a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 main.min.js Show response
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/ 24 KB
11 KB 64ms
63ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=7.3.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c433a72b4b1a724ff8c4af4ed64588eec59935fb4c0fc8ce06a592f4ca5f78b5

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 187401
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"611a-6086471cc6292"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d639c63a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 68ms
45ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
Origin: https://www.blackhillsinfosec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 857d66d65d3b3816-FRA

GET
H3 200 themify.script.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/ 0
3 KB 44ms
42ms Other
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/themify.script.min.js?ver=7.1.8

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 209131
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"41a-6086471cea4b2"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d639b73a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 themify.sidemenu.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/ 0
3 KB 58ms
56ms Other
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/themify.sidemenu.min.js?ver=7.3.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 187400
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"9e6-6086471cc33b2"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66d639ba3a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
DATA 200
OK truncated Show response
/ 662 B
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 722f99d3a79f866d0e03b4982ef014a76ac93bc175d25ab9c4aa8aeee3744370

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.blackhillsinfosec.com/
Origin: https://www.blackhillsinfosec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 03:51:57 GMT
x-content-type-options: nosniff
age: 451371
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 03:51:57 GMT

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993b84dbbad31515bd15165a2472a7d04cd60a1d8af524b89a42abacbbe5a9ea

Request headers

Referer
Origin: https://www.blackhillsinfosec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
32 KB 36ms
15ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.blackhillsinfosec.com/
Origin: https://www.blackhillsinfosec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 06:41:12 GMT
x-content-type-options: nosniff
age: 527616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 06:41:12 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v40/ 49 KB
49 KB 24ms
20ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.blackhillsinfosec.com/
Origin: https://www.blackhillsinfosec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:06:26 GMT
x-content-type-options: nosniff
age: 518902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50296
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:10:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:06:26 GMT

GET
H3

200

main.js Show response
www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/ Frame 8FBC
Redirect Chain

https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js

8 KB
4 KB

20ms
20ms

Script
application/javascript

2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

Protocol

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81c415586b47aef4bb5ee5fee23ccc1025878dba18bfb49685fed1a774e6103d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 857d66d6faa83a70-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
cache-control: max-age=300, public
cf-ray: 857d66d6ca693a70-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
82 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DBYB8LGHT7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71314509-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

198bced3d920579373570c151dee9c8cf79e79426ef295c5c23bbe840d186367

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83481
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 19 Feb 2024 09:14:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 279 KB
93 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-K525RNT&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71314509-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

835099e34fad456c44b02948faf99db53875b3825e7055c2e57ce0ea7e0bea9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94906
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 19 Feb 2024 09:14:48 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71314509-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 19 Feb 2024 07:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5199
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 19 Feb 2024 09:48:09 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
214 B 15ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2018508135&t=pageview&_s=1&dl=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fpowershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av%2F&ul=en-us&de=UTF-8&dt=Powershell%20Without%20Powershell%20-%20How%20To%20Bypass%20Application%20Whitelisting%2C%20Environment%20Restrictions%20%26%20AV%20-%20Black%20Hills%20Information%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=732088824&gjid=1494050837&cid=1682338635.1708334089&tid=UA-71314509-1&_gid=803789808.1708334089&_r=1&gtm=457e42e0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=205633076

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 19 Feb 2024 09:14:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.blackhillsinfosec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 857d66d57fe503f8 Show response
www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 8FBC 0
355 B 66ms
66ms XHR
text/plain 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/h/g/jsd/r/857d66d57fe503f8

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 19 Feb 2024 09:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
server: cloudflare
cf-ray: 857d66d79b623a70-FRA
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
353 B 61ms
20ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-71314509-1&cid=1682338635.1708334089&jid=732088824&gjid=1494050837&_gid=803789808.1708334089&_u=YCDACUAABAAAACAAI~&z=32471782

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 19 Feb 2024 09:14:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.blackhillsinfosec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 rum Show response
www.blackhillsinfosec.com/cdn-cgi/ 0
148 B 12ms
12ms XHR
text/plain 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/json

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.blackhillsinfosec.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 857d66d9fd883a70-FRA

GET
H3 200 themify.script.min.js Show response
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/ 1 KB
3 KB 32ms
32ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/themify.script.min.js?ver=7.1.8

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=7.3.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14be900ab63a438716c5d23b005c841896354f280acc194368fbc7594f61da18

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 209132
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"41a-6086471cea4b2"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66da2d9c3a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 edge.Menu.min.js Show response
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/ 545 B
2 KB 28ms
28ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/edge.Menu.min.js?ver=7.3.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=7.3.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a56be41fb57c57b48a6641b1d0a70f21321a6d1d848e929762badc83069177f1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 209131
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"221-6086471cc4352"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66da3dad3a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 fixedheader.min.js Show response
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/ 6 KB
4 KB 28ms
28ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/fixedheader.min.js?ver=7.3.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=7.3.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15a95fd2c45b7cd49ac38c5cdedf32a5c59cdb9166426eee28b7c47dd2aa701f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 209131
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"17bc-6086471cc4352"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66da7dd83a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

GET
H3 200 themify.sidemenu.min.js Show response
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/ 2 KB
3 KB 99ms
99ms Script
application/javascript 2606:4700:3108::ac42:2ae0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/modules/themify.sidemenu.min.js?ver=7.3.3

Requested by

Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=7.3.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2ae0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1c5df53492f57dc7b306c513c9dc690e2ae7142616f6fe00a6bb29a07d9381f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 09:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
content-security-policy: base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
age: 187401
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
cross-origin-embedder-policy-report-only: (require-corp); report-to="default"
referrer-policy: same-origin
last-modified: Mon, 23 Oct 2023 16:09:19 GMT
server: cloudflare
etag: W/"9e6-6086471cc33b2"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://bhiscsp1.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: application/javascript
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
feature-policy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), geolocation=(), microphone=(), usb=(), clipboard-read=()
cf-ray: 857d66da7dda3a70-FRA
cross-origin-opener-policy-report-only: (same-origin|same-origin-allow-popups); report-to="default"

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blackhillsinfosec.com/	1970-01-21 04:08:14	Name: _ga_LGND68GY07 Value: GS1.1.1708334088.1.0.1708334088.0.0.0
.blackhillsinfosec.com/	1970-01-20 18:33:40	Name: _gid Value: GA1.2.803789808.1708334089
.blackhillsinfosec.com/	1970-01-20 18:32:14	Name: _gat_gtag_UA_71314509_1 Value: 1
.blackhillsinfosec.com/	1970-01-21 04:08:14	Name: _ga_DBYB8LGHT7 Value: GS1.1.1708334088.1.0.1708334088.0.0.0
.blackhillsinfosec.com/	1970-01-21 04:08:14	Name: _ga Value: GA1.1.1682338635.1708334089
.blackhillsinfosec.com/	1970-01-21 03:17:50	Name: cf_clearance Value: cJSnFZETSO1rIp99SwJ5U_.kKONLnfduXEdrGqJA9V0-1708334088-1.0-AQmfSQ3EFjMY9pIvgqa8EBpj4ELKdjxpLs9JD6aUnye6bOC2dXHLw0Go5ijof+Nqbn+QH/f3BUYddeLk38EUUuw=

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: camera, geolocation, microphone, usb. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=GT-K525RNT(Line 179) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-LGND68GY07&gtm=45Pe42e0v9122773400za200&_p=1708334088661&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1682338635.1708334089&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708334088&sct=1&seg=0&dl=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fpowershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av%2F&dt=Powershell%20Without%20Powershell%20-%20How%20To%20Bypass%20Application%20Whitelisting%2C%20Environment%20Restrictions%20%26%20AV%20-%20Black%20Hills%20Information%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=431' because it violates the following Content Security Policy directive: "connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-DBYB8LGHT7&l=dataLayer&cx=c(Line 152) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-DBYB8LGHT7&gtm=45je42e0v9122772860za200&_p=1708334088661&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1682338635.1708334089&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1708334088&sct=1&seg=0&dl=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fpowershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av%2F&dt=Powershell%20Without%20Powershell%20-%20How%20To%20Bypass%20Application%20Whitelisting%2C%20Environment%20Restrictions%20%26%20AV%20-%20Black%20Hills%20Information%20Security&en=page_view&_fv=1&_ss=1&tfd=467' because it violates the following Content Security Policy directive: "connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src 'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be .ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: .googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blackhillsinfosec.com
fonts.gstatic.com
static.cloudflareinsights.com
stats.g.doubleclick.net
www.blackhillsinfosec.com
www.google-analytics.com
www.googletagmanager.com
2606:4700:3108::ac42:2ae0
2606:4700::6810:3965
2a00:1450:4001:808::2008
2a00:1450:4001:828::200e
2a00:1450:4001:830::2003
2a00:1450:400c:c06::9c
0a4dcaa6e3f11c9e9ed2912637c553926aae013768ac89ea6d9fbbfae19e7d02
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
11243fecafe703bd79b43b8fc17a20c2115c89e270ddf79860394c2abc3363c9
14be900ab63a438716c5d23b005c841896354f280acc194368fbc7594f61da18
15a95fd2c45b7cd49ac38c5cdedf32a5c59cdb9166426eee28b7c47dd2aa701f
198bced3d920579373570c151dee9c8cf79e79426ef295c5c23bbe840d186367
2772934e298fb8c592d2790936a51ed33fb40e1a1ea034b50d59c797d18cc4d5
316a308f7f072efd9044e2bad379035a4e5f1d27ff9fece18bf829162aea0e50
3594a335ac0ef330ddaf5884a17477ce4dc10ae14480134107c2c0c4e39e7685
3bc029f4b2dc54fd7914784230e2827e77bdd32f269f43bc154b29c56f72e8bc
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4ac2c88c79d396a0a22b5d62358a4911d8f0e0f601b331cc84b7f9f100f95c69
5d5b782a7d0d4a86a3e4bdae3aec93849e3221645165f01c416216762b380a7e
606083c7e96a8f2473c9186b93c3c6c3a99c925e5599f57953202cf5c63bba97
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
63c1ee2d3e77d647d2ab04b5b81aa338da2a44eea2baf1fd85f49077efcf6a00
6548eebed7e17fdcf480962fc28d83ca014a0f349a3b20dcf4141ba71aa9c3d0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
717a4346a79ed1f2212fe007226abccbeda7d486dc74f35233a4e639b1aed3b3
722f99d3a79f866d0e03b4982ef014a76ac93bc175d25ab9c4aa8aeee3744370
81c415586b47aef4bb5ee5fee23ccc1025878dba18bfb49685fed1a774e6103d
835099e34fad456c44b02948faf99db53875b3825e7055c2e57ce0ea7e0bea9b
87820fa502a1bc3d21f3f4dc6f544423c449578302e2d1a2dd1cf097690fd7b6
95c212910ebf54b89de652fda2a870facc0e7c9b0b9bc0975fe399df1d1087de
98bfb841b45a93e4cab3ce8d0c070a55d456523ff17199bc2ccce879c8f04a50
993b84dbbad31515bd15165a2472a7d04cd60a1d8af524b89a42abacbbe5a9ea
a0b785fabfc0d6ccb3e952c93eb5e67c3904a047168f60a0ce280a65df5c56ab
a1c844653806486dbdbae7e01698b4a5a0865d39d0a88244fcb0b14a0ee7d68f
a56be41fb57c57b48a6641b1d0a70f21321a6d1d848e929762badc83069177f1
ad586ddb2e7d1af518297a72d0399ca80cdca776acf5874d7118555bf0c2d211
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bd014c8e0f6e17e5e944d1b5816c57f1a1e6321f05969f81df7f9a9f352e719c
c433a72b4b1a724ff8c4af4ed64588eec59935fb4c0fc8ce06a592f4ca5f78b5
c510fb850749f173d7f01526b9426edc04d0593b9844a5f7adb988402dd152f3
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd9aa90f73f538ab763ff511f04701d2600d977d1b9dd1d2ad38f7a33972c350
cdc579f122b1ddc7db5d42ac62b99c8547d36d3d27d3b57498d0e4561def37d5
d1c5df53492f57dc7b306c513c9dc690e2ae7142616f6fe00a6bb29a07d9381f
d230fa6c14bf1f2df177f38c46f0d091f90ea57753e36e035616a381bd43a2db
d2a7588cd01babbee3fb91ef0b95637e51528207f8fa4da0534084608f68057f
d2d330f53cdfd25a188faebfc07535a76190bcc529946b09c74d0971e84b53cd
d791c291c3d11070769a8b7a5f33fe18a6e5e777c2767dfb44740f4f88dc6500
d8908f922e0aca4a1862ea6e4b4f4add60eb6939127773203103944e8c18fa31
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7fbe15811f66f1d93dc667757e908899c8cd44eb56498429bd7fb385b1bc4ac
ecc79e0f4281cf9bbae1b44b2e06d319c399c0b45f18365a9a35c447eb5c9965
edf63dde17660036cc14e0c6457bad82a9faab6dd361d24fb345626a8b3dfd65
f059085638ebbf16849788555edad1cb08813d168d9101e2a54053c0f135f832
f4ad2846179e7749900f37d1185c9a2832fb6169b4cfe605b66792bfabcc83a0

www.blackhillsinfosec.com Open in urlscan Pro 2606:4700:3108::ac42:2ae0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

52 Requests

65 %HTTPS

100 %IPv6

6 Domains

7 Subdomains

7 IPs

3 Countries

3078 kBTransfer

4211 kBSize

6 Cookies

21 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

www.blackhillsinfosec.com Open in urlscan Pro
2606:4700:3108::ac42:2ae0 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

65 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

3078 kB
Transfer

4211 kB
Size

6
Cookies

52 HTTP transactions
2 data transactions