URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Submission: On June 21 via api from US

Summary

This website contacted 13 IPs in 4 countries across 11 domains to perform 50 HTTP transactions. The main IP is 192.124.249.18, located in United States and belongs to SUCURI-SEC, US. The main domain is www.blackhillsinfosec.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 15th 2020. Valid for: a year.
This is the only time www.blackhillsinfosec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                         Redirects    Requested by
32        www.blackhillsinfosec.com      -            www.blackhillsinfosec.com
4         fonts.gstatic.com              -            www.blackhillsinfosec.com
2         i1.wp.com                      -            www.blackhillsinfosec.com
2         pixel.wp.com                   -            www.blackhillsinfosec.com
2         www.google-analytics.com       1 redirect   www.googletagmanager.com
1         cdnjs.cloudflare.com           -            www.blackhillsinfosec.com
1         i0.wp.com                      -            www.blackhillsinfosec.com
1         lh6.googleusercontent.com      -            www.blackhillsinfosec.com
1         graph.facebook.com             -            www.blackhillsinfosec.com
1         stats.g.doubleclick.net        -            www.blackhillsinfosec.com
1         www.youtube.com                -            www.blackhillsinfosec.com
1         stats.wp.com                   -            www.blackhillsinfosec.com
1         www.googletagmanager.com       -            www.blackhillsinfosec.com
1         fonts.googleapis.com           -            www.blackhillsinfosec.com
Totals: 50 requests, 14 subdomains
Subject                     | Issuer                                           | Validity                | Valid for | Source
blackhillsinfosec.com       | Go Daddy Secure Certificate Authority - G2       | 2020-06-15 - 2021-06-02 | a year    | crt.sh
upload.video.google.com     | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
*.google-analytics.com      | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
*.wp.com                    | Sectigo RSA Domain Validation Secure Server CA   | 2020-04-02 - 2022-07-05 | 2 years   | crt.sh
*.google.com                | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
*.gstatic.com               | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
*.g.doubleclick.net         | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
*.facebook.com              | DigiCert SHA2 High Assurance Server CA           | 2020-05-14 - 2020-08-05 | 3 months  | crt.sh
*.googleusercontent.com     | GTS CA 1O1                                       | 2020-05-26 - 2020-08-18 | 3 months  | crt.sh
cloudflare.com              | CloudFlare Inc ECC CA-2                          | 2020-01-07 - 2020-10-09 | 9 months  | crt.sh

This page contains 2 frames:

Primary Page: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Frame ID: 8F45EA66AB37A42FC33B68D82080A1AF
Requests: 52 HTTP requests in this frame

Frame: https://www.youtube.com/embed/FeCSJBKYFBQ?version=3&rel=1&fs=1&autohide=2&showsearch=0&showinfo=1&iv_load_policy=1&start=6&wmode=transparent
Frame ID: 008C14E4E21E2B1CC2C445F878AE7919
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests: 50
HTTPS: 100 %
IPv6: 75 %
Domains: 11
Subdomains: 14
IPs: 13
Countries: 4
Transfer: 1448 kB
Size: 1983 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=354086525&t=pageview&_s=1&dl=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fgetting-started-with-sysmon%2F&ul=en-us&de=UTF-8&dt=Getting%20Started%20With%20Sysmon%20-%20Black%20Hills%20Information%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1510825130&gjid=289367228&cid=1066565549.1592714064&tid=UA-71314509-1&_gid=349516084.1592714064&_r=1&gtm=2ou6a0&z=1972411722 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71314509-1&cid=1066565549.1592714064&jid=1510825130&_gid=349516084.1592714064&gjid=289367228&_v=j83&z=1972411722

50 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.blackhillsinfosec.com/getting-started-with-sysmon/
87 KB
88 KB
Document
General
Full URL
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
dceea99876e01ba17649ea0ec5ce0e215987d329bf64d148268aefd295d648b3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.blackhillsinfosec.com
:scheme
https
:path
/getting-started-with-sysmon/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx
date
Sun, 21 Jun 2020 04:34:21 GMT
content-type
text/html; charset=UTF-8
x-sucuri-id
19018
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
upgrade-insecure-requests;
link
<https://www.blackhillsinfosec.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/p7lxjP-3vM>; rel=shortlink
x-sucuri-cache
EXPIRED
wp-emoji-release.min.js
www.blackhillsinfosec.com/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
4653
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:27:23 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
themify.common.min.css
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/css/themify.common.min.css?ver=4.8.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
663e0af0c5b75b44ddb5cb13e8d52ef5bb56803925c3c8ff182a9ea4960c4976
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
1284
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.blackhillsinfosec.com/wp-includes/css/dist/block-library/
52 KB
8 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
7642
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:27:23 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
simple-banner.css
www.blackhillsinfosec.com/wp-content/plugins/simple-banner/
211 B
604 B
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/simple-banner/simple-banner.css?ver=2.4.6
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
2c76c66a6aec6bace62fda987aa9e67525d44a5ca5ac4384d202bd11d74eadd0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
160
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:14 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/
75 KB
18 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/style.min.css?ver=2.1.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
f4a7f3e57d50f433a26893892d65d1aac8d8260a537e0d6d670a692876e6442b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
17598
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
media-queries.min.css
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/
17 KB
3 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/media-queries.min.css?ver=2.1.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
9e34cadd3dab0d73fa49badfb8ee661ab4a4fd58f0485fd45032edf397a8ef86
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
3086
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
themify-customizer.css
www.blackhillsinfosec.com/wp-content/uploads/
1 KB
889 B
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/themify-customizer.css?ver=19.04.09.07.22.38
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
cd8e94db1d07a6809a04036098da4b570fd9b4c3f141695fdf5cd2c21f0ab870
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
445
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2019 13:22:38 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/
14 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,600,700|Copse&subset=latin
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
be17e37a6cff87fe5d40bd78a4b056cdab6585d72d1e70b5c3697d2451b8c281
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 21 Jun 2020 04:34:21 GMT
server
ESF
date
Sun, 21 Jun 2020 04:34:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 21 Jun 2020 04:34:21 GMT
social-logos.min.css
www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/social-logos/
26 KB
19 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css?ver=1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
2e1ced1bd0736a56a0c44fd7b3bf8134850398ecddd52a0f5e6e437c5d527999
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
19001
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:12 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
jetpack.css
www.blackhillsinfosec.com/wp-content/plugins/jetpack/css/
72 KB
13 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/jetpack/css/jetpack.css?ver=8.5
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
846b7b0b890e1e98f993628e5a93e00f3f6aaec9723ca96e299b30d2429f4fad
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
13130
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:11 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.js
www.blackhillsinfosec.com/wp-includes/js/jquery/
95 KB
33 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
33776
x-xss-protection
1; mode=block
last-modified
Tue, 21 May 2019 21:11:52 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-migrate.min.js
www.blackhillsinfosec.com/wp-includes/js/jquery/
10 KB
4 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
4014
x-xss-protection
1; mode=block
last-modified
Tue, 21 Jun 2016 18:44:56 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
related-posts.min.js
www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/related-posts/
5 KB
2 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20191011
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
71275c06e498f0aa672ac51e995d317cf07f26295d9ec48adebb000df8b3e7f8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
1659
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:12 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
simple-banner.js
www.blackhillsinfosec.com/wp-content/plugins/simple-banner/
1 KB
890 B
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/simple-banner/simple-banner.js?ver=2.4.6
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
338500ec4cad6a2d1e98359f53c24b7539d4d752679099925ce3cb4feca827c4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
436
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:14 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/
83 KB
33 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-71314509-1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f8e529f5241c25427527fa29753185b206a1010804999cddc5e3b409e572a504
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33259
x-xss-protection
0
last-modified
Sun, 21 Jun 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 21 Jun 2020 04:34:23 GMT
BHIS-logo-web.png
www.blackhillsinfosec.com/wp-content/uploads/2016/03/
23 KB
24 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2016/03/BHIS-logo-web.png
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
45af9aa80d3e3ba22547e80da8d35cc85203c1ceb0b8a226c2862069e150fcc9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
23931
x-xss-protection
1; mode=block
last-modified
Wed, 16 Mar 2016 21:35:57 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
00468_06172020_HowToDeployWindowsOptics-1024x576-50x50.jpg
www.blackhillsinfosec.com/wp-content/uploads/2020/06/
2 KB
2 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2020/06/00468_06172020_HowToDeployWindowsOptics-1024x576-50x50.jpg
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
575c976b6ab2d0ba9783b2016c084b438df99f09289239ecb4ffe86d8d70e94c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
1875
x-xss-protection
1; mode=block
last-modified
Wed, 17 Jun 2020 18:16:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
00467_06162020_WebcastLinuxForensicsMagicalMysteryTour-1024x576-50x50.jpg
www.blackhillsinfosec.com/wp-content/uploads/2020/06/
2 KB
2 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2020/06/00467_06162020_WebcastLinuxForensicsMagicalMysteryTour-1024x576-50x50.jpg
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
b5f5e1c3e57f4458145a6c7917a0f2938a57cdad412988810143cbb026069744
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
1904
x-xss-protection
1; mode=block
last-modified
Wed, 17 Jun 2020 12:16:06 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
00466_06052020_WebcastBlueTeamPerspective-1024x576-50x50.jpg
www.blackhillsinfosec.com/wp-content/uploads/2020/06/
2 KB
2 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2020/06/00466_06052020_WebcastBlueTeamPerspective-1024x576-50x50.jpg
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
c4631a04feb9cb1ff1ffc9969c67688cab8149380c63bd94685d4291247cd1ed
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
1986
x-xss-protection
1; mode=block
last-modified
Mon, 08 Jun 2020 12:28:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/
36 KB
12 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=4.8.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
8eb1dfc08d7008b157b1ff38296087ae86f87d125dcc2a765321d57998ff1c1f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
11793
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
lazy-images.min.js
www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/lazy-images/js/
9 KB
4 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/lazy-images/js/lazy-images.min.js?ver=8.5
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
a23dec87ea93f923ebe233e63f7c43d1a130ccf1578d97ea758157aae6d108e3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
3173
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:12 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
excanvas.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/
11 KB
5 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/excanvas.min.js?ver=5.4.2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
9688198cdb9af30efbeb7e32b589556986d50d4d88ee8698be7f476a83da5867
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
4205
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
themify.sidemenu.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/
2 KB
1 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/themify.sidemenu.min.js?ver=4.8.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
1742e55b222dfecf25f2861f95a38abc569bd329046f9d44835fe3a36a30a087
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
675
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
imagesloaded.min.js
www.blackhillsinfosec.com/wp-includes/js/
8 KB
3 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/js/imagesloaded.min.js?ver=3.2.0
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
afbd6d3dbf677900ec3d80e8057a7b9f93f72e5971494ed7ce7a4be1cb7c9ae8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
2575
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:27:23 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
themify.script.min.js
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/
4 KB
2 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/js/themify.script.min.js?ver=2.1.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
d66fe923f91fcfa54c03fbfd2762e5949ab602022a4b2ffa77daab1f708c9ff3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
1840
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
www.blackhillsinfosec.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-includes/js/wp-embed.min.js?ver=5.4.2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
769
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:27:23 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
sharing.min.js
www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/
8 KB
3 KB
Script
General
Full URL
https://www.blackhillsinfosec.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=8.5
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
2612
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:18:12 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
e-202025.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202025.js
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
expires
Sun, 13 Jun 2021 23:49:43 GMT
FeCSJBKYFBQ
www.youtube.com/embed/ Frame 008C
0
0
Document
General
Full URL
https://www.youtube.com/embed/FeCSJBKYFBQ?version=3&rel=1&fs=1&autohide=2&showsearch=0&showinfo=1&iv_load_policy=1&start=6&wmode=transparent
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/FeCSJBKYFBQ?version=3&rel=1&fs=1&autohide=2&showsearch=0&showinfo=1&iv_load_policy=1&start=6&wmode=transparent
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/

Response headers

status
200
strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
cache-control
no-cache
content-type
text/html; charset=utf-8
expires
Tue, 27 Apr 1971 19:44:06 GMT
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date
Sun, 21 Jun 2020 04:34:23 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=tXsMCM9YE58; path=/; domain=.youtube.com; secure; expires=Fri, 18-Dec-2020 04:34:23 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=tXsMCM9YE58; path=/; domain=.youtube.com; secure; expires=Fri, 18-Dec-2020 04:34:23 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Sun, 21-Jun-2020 05:04:23 GMT YSC=cn7plioWX1w; path=/; domain=.youtube.com; secure; httponly; samesite=None
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,600,700|Copse&subset=latin
Origin
https://www.blackhillsinfosec.com

Response headers

date
Thu, 11 Jun 2020 13:03:24 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
833459
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Fri, 11 Jun 2021 13:03:24 GMT
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
993b84dbbad31515bd15165a2472a7d04cd60a1d8af524b89a42abacbbe5a9ea

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.blackhillsinfosec.com

Response headers

Content-Type
application/octet-stream
mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,600,700|Copse&subset=latin
Origin
https://www.blackhillsinfosec.com

Response headers

date
Thu, 11 Jun 2020 20:40:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:37 GMT
server
sffe
age
806037
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9016
x-xss-protection
0
expires
Fri, 11 Jun 2021 20:40:26 GMT
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v14/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,600,700|Copse&subset=latin
Origin
https://www.blackhillsinfosec.com

Response headers

date
Fri, 12 Jun 2020 00:14:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:48 GMT
server
sffe
age
793180
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13708
x-xss-protection
0
expires
Sat, 12 Jun 2021 00:14:43 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,600,700|Copse&subset=latin
Origin
https://www.blackhillsinfosec.com

Response headers

date
Fri, 12 Jun 2020 16:53:03 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:31:11 GMT
server
sffe
age
733280
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9080
x-xss-protection
0
expires
Sat, 12 Jun 2021 16:53:03 GMT
truncated
/
18 KB
18 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
895964971ebdb56ee76d08850bcb4c5a88ec4c65e6a235882304e8ff6767cd7c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.blackhillsinfosec.com

Response headers

Content-Type
application/font-woff;charset=utf-8
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71314509-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
5884
date
Sun, 21 Jun 2020 02:56:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Sun, 21 Jun 2020 04:56:19 GMT
g.gif
pixel.wp.com/
50 B
92 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A8.5&blog=108567321&post=13502&tz=-6&srv=www.blackhillsinfosec.com&host=www.blackhillsinfosec.com&ref=&fcp=3144&rand=0.6741566869337552
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sun, 21 Jun 2020 04:34:23 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=354086525&t=pageview&_s=1&dl=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fgetting-started-with-sysmon%2F&ul=en-us&de=UTF-8&dt=Getting%20Started%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71314509-1&cid=1066565549.1592714064&jid=1510825130&_gid=349516084.1592714064&gjid=289367228&_v=j83&z=1972411722
35 B
483 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71314509-1&cid=1066565549.1592714064&jid=1510825130&_gid=349516084.1592714064&gjid=289367228&_v=j83&z=1972411722
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 21 Jun 2020 04:34:23 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 21 Jun 2020 04:34:23 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71314509-1&cid=1066565549.1592714064&jid=1510825130&_gid=349516084.1592714064&gjid=289367228&_v=j83&z=1972411722
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
418
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.blackhillsinfosec.com/getting-started-with-sysmon/
3 KB
3 KB
XHR
General
Full URL
https://www.blackhillsinfosec.com/getting-started-with-sysmon/?relatedposts=1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
13ee40cae35f3bdef5152ad4ef100a47e01666e90d1e4a03167c451814d7ff6d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:24 GMT
x-content-type-options
nosniff, nosniff
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
status
200
x-sucuri-cache
EXPIRED
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
strict-transport-security
max-age=31536000; includeSubdomains; preload
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
/
graph.facebook.com/
246 B
637 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.blackhillsinfosec.com%2Fgetting-started-with-sysmon%2F&_=1592714063179
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5f99056220d1f3e954e9bddec057e5c7474727ae96f8eeff3b501a9d8ec177d8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#4) Application request limit reached"
status
200
x-fb-rev
1002274939
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
189
pragma
no-cache
x-fb-debug
B41Ky+57sw2rw4PQ7pZQVZBzK3fueWG3JxUKjP4ILwp5orz7ER8XC7vyG3+yMvaY7irHJeeD8T1DzKPDJrURbg==
x-fb-trace-id
CE8ZfpF5wcJ
date
Sun, 21 Jun 2020 04:34:23 GMT, Sun, 21 Jun 2020 04:34:23 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AIzthIEzF652Onsp6agaZh6
cache-control
no-store
facebook-api-version
v3.0
expires
Sat, 01 Jan 2000 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.39866255988184873
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sun, 21 Jun 2020 04:34:23 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
00406_09232019_GettingStartedWithSysmon-1024x576.png
www.blackhillsinfosec.com/wp-content/uploads/2019/09/
537 KB
538 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2019/09/00406_09232019_GettingStartedWithSysmon-1024x576.png
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
e12ec25c19b37c4b16c277ac419c80bdd513824649a59a8ca2609dd749522b08
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
549891
x-xss-protection
1; mode=block
last-modified
Fri, 20 Sep 2019 20:19:58 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
WA__2_a6SArvykRjArJVDSQTFYNV5P8_xTgIMZl1jNRfy9wLj6pHrdm4G-NYHAORUcpkNNQKtGI_HrDunDhb6VqLHpgwcHIgIv4tlIiAAvaUDknlrtobOqNkTqCwIYqb4M6Qhelh
lh6.googleusercontent.com/
238 KB
238 KB
Image
General
Full URL
https://lh6.googleusercontent.com/WA__2_a6SArvykRjArJVDSQTFYNV5P8_xTgIMZl1jNRfy9wLj6pHrdm4G-NYHAORUcpkNNQKtGI_HrDunDhb6VqLHpgwcHIgIv4tlIiAAvaUDknlrtobOqNkTqCwIYqb4M6Qhelh
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c26cbbd17fa5089aa5a8f52c684f8c0800c0c1e801cf6ebfe6403b1e931e9cda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:31:54 GMT
x-content-type-options
nosniff
age
149
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
243341
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 22 Jun 2020 04:31:54 GMT
start-here-widget-300x300.png
www.blackhillsinfosec.com/wp-content/uploads/2018/05/
61 KB
61 KB
Image
General
Full URL
https://www.blackhillsinfosec.com/wp-content/uploads/2018/05/start-here-widget-300x300.png
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
42fc90faf8ebde89291f9482f8f8f07526395d7d6692e692af957d4acd63f912
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
61975
x-xss-protection
1; mode=block
last-modified
Thu, 17 May 2018 14:33:01 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
font-awesome.min.css
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/css/
79 KB
16 KB
Stylesheet
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/css/font-awesome.min.css?ver=4.8.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=4.8.8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
02106785b18705c0dcdcfceef3be7804fcf2e7482a34a3a8ab4e97912bada00c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
Accept-Encoding,User-Agent
content-length
15788
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-solid-900.woff2
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/webfonts/
73 KB
73 KB
Font
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/webfonts/fa-solid-900.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/css/font-awesome.min.css?ver=4.8.8
Origin
https://www.blackhillsinfosec.com

Response headers

date
Sun, 21 Jun 2020 04:34:23 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
74348
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
font/woff2
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-brands-400.woff2
www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/webfonts/
70 KB
71 KB
Font
General
Full URL
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/webfonts/fa-brands-400.woff2
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.18 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10018.sucuri.net
Software
nginx /
Resource Hash
d5f471476e1636e23b00991ae8a85d3703ada55bc6d6162472a28aa94fa64d4e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/fontawesome/css/font-awesome.min.css?ver=4.8.8
Origin
https://www.blackhillsinfosec.com

Response headers

date
Sun, 21 Jun 2020 04:34:24 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
vary
User-Agent
content-length
72112
x-xss-protection
1; mode=block
last-modified
Wed, 27 May 2020 15:26:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
font/woff2
cache-control
max-age=315360000
x-sucuri-id
19018
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
00407_09252019_GettingStartedWithAppLocker-2-1.png
i0.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2019/09/
9 KB
10 KB
Image
General
Full URL
https://i0.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2019/09/00407_09252019_GettingStartedWithAppLocker-2-1.png?resize=350%2C200&ssl=1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
57a2ac25aa15f3aff298bc000b74348e3376909d485370cdbdffc28d11ea2b98
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT arn 2
date
Sun, 21 Jun 2020 04:34:24 GMT
x-content-type-options
nosniff
x-bytes-saved
60284
last-modified
Tue, 26 May 2020 20:12:43 GMT
server
nginx
etag
"dcc65b31ed7978c8"
vary
Accept
content-type
image/webp
status
200
cache-control
public, max-age=63115200
link
<https://www.blackhillsinfosec.com/wp-content/uploads/2019/09/00407_09252019_GettingStartedWithAppLocker-2-1.png>; rel="canonical"
content-length
9700
expires
Fri, 27 May 2022 08:12:43 GMT
00213_07102017_EndpointMonitoringShoestringBudget.png
i1.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2017/07/
11 KB
11 KB
Image
General
Full URL
https://i1.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2017/07/00213_07102017_EndpointMonitoringShoestringBudget.png?resize=350%2C200&ssl=1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
44e7e8fcaf46b67debf97b41011d912416bf9975a841b31e499e73b07764f31c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT arn 6
date
Sun, 21 Jun 2020 04:34:24 GMT
x-content-type-options
nosniff
x-bytes-saved
60361
last-modified
Sun, 17 May 2020 08:54:57 GMT
server
nginx
etag
"ef5caa137029e879"
vary
Accept
content-type
image/webp
status
200
cache-control
public, max-age=63115200
link
<https://www.blackhillsinfosec.com/wp-content/uploads/2017/07/00213_07102017_EndpointMonitoringShoestringBudget.png>; rel="canonical"
content-length
10940
expires
Tue, 17 May 2022 20:54:57 GMT
00404_09042019_WEBCAST_WindowsloggingsysmonELK-1.png
i1.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2019/09/
11 KB
11 KB
Image
General
Full URL
https://i1.wp.com/www.blackhillsinfosec.com/wp-content/uploads/2019/09/00404_09042019_WEBCAST_WindowsloggingsysmonELK-1.png?resize=350%2C200&ssl=1
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/getting-started-with-sysmon/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2cc2b6e395476fd88d637e44779ddcbf33658ea7ca73b84de976e606ed83d9ba
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc
HIT arn 8
date
Sun, 21 Jun 2020 04:34:24 GMT
x-content-type-options
nosniff
x-bytes-saved
21724
last-modified
Thu, 11 Jun 2020 15:10:24 GMT
server
nginx
etag
"515117113cb5cb07"
vary
Accept
content-type
image/webp
status
200
cache-control
public, max-age=63115200
link
<https://www.blackhillsinfosec.com/wp-content/uploads/2019/09/00404_09042019_WEBCAST_WindowsloggingsysmonELK-1.png>; rel="canonical"
content-length
11474
expires
Sun, 12 Jun 2022 03:10:24 GMT
TweenMax.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/
112 KB
36 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js?ver=4.8.8
Requested by
Host: www.blackhillsinfosec.com
URL: https://www.blackhillsinfosec.com/wp-content/themes/themify-corporate/themify/js/main.min.js?ver=4.8.8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5a1af3f56b4294252d7c75144ae9d0ac198e9229952b7e11cbb31f17f138123
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.blackhillsinfosec.com/getting-started-with-sysmon/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 21 Jun 2020 04:34:25 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
5012727
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0376c10f2b0000dfbbec9be200000001
served-in-seconds
0.008
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:23 GMT
server
cloudflare
etag
W/"5afd491b-1be2c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5a6b045eaff2dfbb-FRA
expires
Fri, 11 Jun 2021 04:34:25 GMT

Verdicts & Comments

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| _wpemojiSettings object| twemoji object| wp undefined| $ function| jQuery object| related_posts_js_options object| scriptParams function| powerpress_pinw number| tf_mobile_menu_trigger_point function| gtag object| dataLayer object| jQuery1124027868752542365316 function| themifyMobileMenuTrigger object| _init function| onCatChange object| WPCOM_sharing_counts object| themify_vars object| tbLocalScript object| themifyScript object| tbScrollHighlight function| jetpackLazyImagesModule function| EventEmitter object| eventie function| imagesLoaded object| google_tag_manager object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| google_tag_data string| GoogleAnalyticsObject function| ga function| st_go function| linktracker_init object| wpcom object| gaplugins object| gaGlobal object| gaData object| $jscomp object| Themify boolean| loaded object| _gsScope object| _gsQueue object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| TweenMax function| TimelineLite function| TimelineMax function| BezierPlugin function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup

0 Cookies

1 Console Messages

Source: console-api
Level: log
URL: https://www.blackhillsinfosec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 (Line 2)
Text: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
