pentestlab.blog Open in urlscan Pro
192.0.78.24  Public Scan

22 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

• https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6ec74b3d0ed4d3f5%26domain%3Dpentestlab.blog%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fpentestlab.blog%252Ffd0b47c483c97f22b%26relation%3Dparent.parent&container_width=342&height=432&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fpentestlaboratory%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=false&width=200 HTTP 302
• https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df6ec74b3d0ed4d3f5%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D342%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200

Request Chain 95

• https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1de2ae1fa4f29719%26domain%3Dpentestlab.blog%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fpentestlab.blog%252Ffd0b47c483c97f22b%26relation%3Dparent.parent&container_width=0&height=432&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fpentestlaboratory%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=false&width=200 HTTP 302
• https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1de2ae1fa4f29719%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
-1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response pentestlab.blog/2017/05/29/applocker-bypass-msbuild/	154 KB 33 KB	561ms 503ms	Document text/html	192.0.78.24 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2124a9dcb0c8518cfbdb7125132e4bb606c63e3bebfa29c78655f63db53ed9cf Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 content-encoding br content-type text/html; charset=UTF-8 date Thu, 08 Feb 2024 15:02:38 GMT host-header WordPress.com link <https://wp.me/p2cWvm-1Mf>; rel=shortlink server nginx strict-transport-security max-age=31536000 vary Accept-Encoding accept, content-type, cookie x-ac 2.hhn _dfw EXPIRED x-hacker Want root? Visit join.a8c.com/hacker and mention this header. x-pingback https://pentestlab.blog/xmlrpc.php
GET H2	200	/ s0.wp.com/_static/	10 KB 3 KB	31ms 6ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJxtzEkKgDAMQNELWeOAWBfiWaQNUu0QTIrXF0UQxOWDz4eDlElRMAqErMjnxUWGFYVmsz0GzhFCstkjw45+FrSKEstHpWEu4P/o3Ybv99aVT2Gs+6rrmnbQej0BKWI0fQ==&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 376eacb307ddbfb56e702fe1c39363c70218d2e4ac32d7ba96f0403da942a093 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 17 Jan 2024 20:39:57 GMT server nginx etag W/"65a83b1d-27f9" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 16 Jan 2025 20:54:29 GMT
GET H2	200	/ s0.wp.com/_static/	113 KB 16 KB	31ms 6ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJylzFsKgCAQQNENlZMkWh/RWtIGsyYLH0W7T9pCn5cLB+6zNodP6BOclK3zEWwuqTHYcgLCxRWTTIDOjmbQdJitJqfDFB6I6SFkJsYK/kFpwf2Dxn3gqlGt6GTfrC8pRjhn&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 69f13d95be58a28c857b87ec398f709e23d1c99a21f1ad935a159587460586ad Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-1c292" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:35:32 GMT
GET H2	200	/ s0.wp.com/_static/	15 KB 4 KB	31ms 6ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpoZmFkYGRuZGmQBAHPvL0Y=&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Tue, 01 Dec 2020 11:47:39 GMT server nginx etag W/"5fc62d5b-3ca1" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 14 Mar 2024 19:36:36 GMT
GET H2	200	webfont.js Show response s0.wp.com/wp-content/plugins/custom-fonts/js/	12 KB 5 KB	11ms 6ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/12493-1684465162909.724 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Wed, 29 May 2024 20:23:52 GMT
GET BLOB	200 OK	fc50dc02-79a4-4e1b-a2a2-7e334ac9502c https://pentestlab.blog/	1 KB 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://pentestlab.blog/fc50dc02-79a4-4e1b-a2a2-7e334ac9502c Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers Content-Length 1245 Content-Type text/javascript
GET H2	200	/ s0.wp.com/_static/	52 KB 3 KB	20ms 13ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJyVzDEOgCAMQNELiQU1Jg7Gs2AlDYpAaInx9ro5O/7hfbiywhTFRYEcKvnIQPXN1RVSa0h4MOxOssVDBXunKoqK34DlDq5F5gb+LIoVH4k/vpyzGYe+03oyw/4AcmU1KQ==&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 66f69ace341969d16b2b3709a823e62788c738e6170a9689dbe75b18e48d5453 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Fri, 12 Aug 2022 20:22:56 GMT server nginx etag W/"62f6b6a0-d0bc" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Fri, 15 Mar 2024 07:20:23 GMT
GET H2	200	/ s0.wp.com/_static/	369 B 675 B	19ms 12ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT x-ac 2.hhn _dca BYPASS last-modified Fri, 19 May 2023 02:57:01 GMT server nginx etag "6466e57d-171" access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 369 expires Sat, 09 Nov 2024 15:12:34 GMT
GET H2	200	verbum-comments.css s0.wp.com/wp-content/mu-plugins/jetpack-mu-wpcom-plugin/sun/vendor/automattic/jetpack-mu-wpcom/src/build/verbum-comments/	26 KB 4 KB	20ms 13ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/jetpack-mu-wpcom-plugin/sun/vendor/automattic/jetpack-mu-wpcom/src/build/verbum-comments/verbum-comments.css?m=1706127135i&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 3a6eca802634248cd9896666cb3a031eabf070b1d11a7ce6bb361b1811cd67a2 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 1 server nginx etag W/26497-1706127144367.0544 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 23 Jan 2025 21:34:35 GMT
GET H2	200	css fonts-api.wp.com/	2 KB 1 KB	61ms 26ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Open%2BSans%3A400%2C400italic%2C700%2C700italic%7CMontserrat%3A500&subset=latin%2Clatin-ext&ver=6.5-alpha-57492 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash ce9e6ace282c0a37d97f7d539a45062a713f4b39582873061c0377552bc1f6c4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Thu, 08 Feb 2024 15:02:38 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	/ s0.wp.com/_static/	60 KB 14 KB	19ms 12ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyUjNTS3WLyhKzc0szQVx0/JLi/STi4v104BKdBPLU4vzc1P1gAI6+oT1FZdU5oAV2+faGpoZG5gamBsammYBAMXNKeE=&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 017bccf545b2ffdfa4d25b1b7a47d847a1c03c00d9a60426cdaed49cf7bbe2da Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Fri, 12 Aug 2022 20:23:59 GMT server nginx etag W/"62f6b6df-f188" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 14 Mar 2024 19:38:51 GMT
GET H2	200	/ s0.wp.com/_static/	3 KB 1 KB	21ms 15ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJx9zMEKwjAMxvEXsmY9bHgRn6V2MWSmTVla9vpW8LDB8JYf5P/BVlzUXDFXSM0VacTZYMFaQnz/DNYyJJ2boMHGM2E1MI0cxHGvj7hGswuc7xKqE42hsuYD3EsCr//SFZ+i1E+C/rXjN3qku59uo/fjMA3LB+kmT0M=&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 70746c461d32b81951f85b1da353e29d43410ae13916ae31b845a0bcbf4e197f Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Fri, 26 May 2023 15:31:17 GMT server nginx etag W/"6470d0c5-d2a" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Sat, 25 May 2024 16:37:52 GMT
GET H2	200	/ s0.wp.com/_static/	30 KB 11 KB	19ms 13ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJyNjcsKAjEMRX/IGsdR1IX4KRLT0nZMkzJpEf/eB27Ejbt74HIO3KojlRakQemuco9ZDKbQKtL1w2BdoKjvHAws4Rw8en9/zyxxSWYL+Ft0zkJgShnZsUa1L/iRtRTKM5s2EFkvyK/DqRyH3WrcDodxv54euNBIXw==&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 861af5dd96b652ea4e711b9377e771b5200b235ad71b216dd0ba669e640f0822 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Mon, 25 Dec 2023 15:49:52 GMT server nginx etag W/"6589a4a0-769e" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Tue, 24 Dec 2024 16:05:12 GMT
GET H2	200	/ Show response s0.wp.com/_static/	133 KB 44 KB	21ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJx9j01OxDAMhS9ExsCiogvEUUZpYypnEjvYzsDcniAVNCBgZb0fvU+G1xZWYUd2yAZVFioYuqHGbXiB+FkO2W7gqld7aKVvxAYZvcX1tGuwznAkXmHpVBIoluiYQhNz+64Olfjn7uBr8dBU3i6f2RgrPaF9hPmlo172cz3wZylU2nRAf6P9/8VuHc/ISRRid6nRndav8pkSSlM0278ttIDLCTksSmnDAXyqj3fTPM8P0/10m98BNEWIiQ== Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash cf75f45164a049900471e9bc171c299121e16f3675651b92ee8ca43dc974d64a Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Tue, 14 Nov 2023 18:24:42 GMT server nginx etag W/"6553bb6a-2146a" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Wed, 13 Nov 2024 18:35:57 GMT
GET H2	200	generation-of-c-shellcode.png pentestlab.files.wordpress.com/2017/05/	269 KB 270 KB	68ms 7ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/generation-of-c-shellcode.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash fa05d541ee61f9bb7ef491217c0832f45a6be57be62c00cbc3b7c63a7ef86603 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 18:24:06 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 275896 expires Tue, 27 Feb 2024 06:34:00 GMT
GET H2	200	executing-shellcode-via-msbuild.png pentestlab.files.wordpress.com/2017/05/	2 KB 3 KB	67ms 6ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/executing-shellcode-via-msbuild.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash b2f4ce6ff2c8847c7e0c92f35ef61a5b36e5048733080b7cc1a81b8399014aff Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:21:06 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 2528 expires Tue, 05 Mar 2024 06:15:48 GMT
GET H2	200	meterpreter-via-msbuild.png pentestlab.files.wordpress.com/2017/05/	67 KB 68 KB	22ms 10ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/meterpreter-via-msbuild.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 4a405940a0d64eba67299cc8d915f3afbf8db9c3683d90cbfe12484dfbc26b40 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:20:03 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 69062 expires Sat, 16 Mar 2024 12:51:16 GMT
GET H2	200	hovercards.min.js Show response 0.gravatar.com/js/hovercards/	13 KB 5 KB	182ms 6ms	Script application/javascript	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202406131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT strict-transport-security max-age=31536000; includeSubdomains; preload content-encoding br last-modified Tue, 28 Nov 2023 13:47:28 GMT server nginx etag W/"6565ef70-329d" content-type application/javascript cache-control max-age=604800 alt-svc h3=":443"; ma=86400 expires Thu, 15 Feb 2024 15:02:38 GMT
GET H2	200	wpgroho.js Show response s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/	655 B 702 B	19ms 8ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 1 server nginx etag W/1125-1684465005221.1526 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 20:22:44 GMT
GET H2	200	wpcom-gray-white.png s0.wp.com/i/logo/	8 KB 8 KB	10ms 5ms	Image image/png	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://s0.wp.com/i/logo/wpcom-gray-white.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-ac 2.hhn _dfw MISS last-modified Fri, 19 May 2023 01:47:42 GMT server nginx etag "6466d53e-200b" access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 8203 expires Sat, 09 Nov 2024 15:12:15 GMT
GET H2	200	/ Show response s0.wp.com/_static/	32 KB 13 KB	19ms 8ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1i+uzCtJrMjITM/IAeKS1CJMEWP94uSizIISoOIM5/yiVL2sYh19yo1yKioFmldcDDTOPtfW0MzQ1MTczNLYKAsAj5w/sg== Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash de82ba6d47c0b4495e7dc26891a7ef82f1f07730df39a5375343b341c4eec13d Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Fri, 19 May 2023 01:52:55 GMT server nginx etag W/"6466d677-8144" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Sat, 09 Nov 2024 15:32:00 GMT
GET H2	200	/ s0.wp.com/_static/	180 KB 55 KB	19ms 8ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJydjsEOwiAQRH9Ium1sWj0Yv4UCIhUWwrI2/r00ab2YePA4uzNvBpYkVMRisEBgkTxbhwSzKUmqx6aBGCFEzd4QKJkjk/FAi0smi4lRe9MoogP8D9s9++HDc6g869VKBFrS3dUGaoLDr8q9z3KVk8m2frKBZzc2Q9PDxM5rUDGkiNVOQOX1e7jKcdHkLEovbjEH2hgyJS/ryjV7DZdubMdjfxrO7fwGx1t9bg==&cssminify=yes Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 9875cce492eeff24686e3a4064adcc13819f77124f97b11b87ce6a574fcaf3be Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-2d046" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css;charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Fri, 07 Feb 2025 01:08:38 GMT
GET H2	200	/ Show response s0.wp.com/_static/	60 KB 19 KB	19ms 9ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJydkNFqwzAMRX9ojjLyUPow9ilDsZVWiWV7lt3Sv6+7NmOQwsaejK6Ory4XzsnYGAqFAlJN8vXAQcHzQgqflSodMThPuZv1BZ7DM5WEdjFNOicb5bEArQFOFFzMgLVEwVLYbmjQbGGs7F2D81ilnRBpJxRQldrjLgGFrfER3TZIOZK0rCmTcJXbOMWaYVYIeOIDFo7h73/UZk5l5TlYX10j2+aRymRK/tIJb0yfNPKjiI/mBRNaGmNcDMlI7h8G954s5liV/De2Cr/EwoVVqJih6+92qzDlL/iW6F3eXnf9btj3/X6Yr/u4y/0= Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 4dd338d49738b699a41993a965b1e6a8755ef8d0d5252ee3341a2707227580e4 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Thu, 08 Feb 2024 11:01:43 GMT server nginx etag W/"65c4b497-f03c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Fri, 07 Feb 2025 11:39:47 GMT
GET H2	200	lodash.min.js Show response s0.wp.com/wp-includes/js/dist/vendor/	69 KB 25 KB	24ms 14ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-includes/js/dist/vendor/lodash.min.js?m=1690990124i&ver=4.17.21 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 211fdb26a74dac46f2bd297c0f02953de9e69355035cad239d87acf21c5a6a0e Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 02 Aug 2023 15:29:05 GMT server nginx etag W/"64ca7641-115ad" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Wed, 18 Dec 2024 12:28:45 GMT
GET H2	200	/ Show response s0.wp.com/_static/	127 KB 40 KB	24ms 14ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWT8ksLtEvS81LyS/SB0oV5OdUpmXm5ADVpBaV6OVm5ullFevo49FUlJqeClSbWJJfpFtUmleSmZtKjDYku6DK7XNtDc0sLY0sTYwtLbMA5bE9uw== Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 50b14ff286671974963967fd56c5d06430fea5b81ab695665752ae76236828fe Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Mon, 06 Nov 2023 18:13:40 GMT server nginx etag W/"65492cd4-1fb8a" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Tue, 05 Nov 2024 18:13:58 GMT
GET H2	200	react.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/vendors/	10 KB 4 KB	24ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/vendors/react.min.js?m=1707348690i&ver=18 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-2884" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	react-dom.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/vendors/	126 KB 42 KB	24ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/vendors/react-dom.min.js?m=1707348690i&ver=18 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash dbba6c1c59954873629e196b8009f0a8256e66d755f889cf6c8ac4f1164d10c2 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-1f878" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/hooks/	4 KB 2 KB	24ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/hooks/index.min.js?m=1707348690i&ver=3aee234ea7807d8d70bc Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-10a6" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:36:16 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/i18n/	9 KB 4 KB	24ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/i18n/index.min.js?m=1707348690i&ver=5baa98e4345eccc97e24 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-227d" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:36:16 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/url/	8 KB 4 KB	24ms 15ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/url/index.min.js?m=1707348690i&ver=0e4121b969d6c7f2b6e9 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 4184b0f4356e4605d8c0484f48c3e69f4840c601a4b1268f0499534e0e162802 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-2017" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/api-fetch/	5 KB 3 KB	25ms 16ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/api-fetch/index.min.js?m=1707348690i&ver=1d1bb669e2c3067cc691 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash d6aa645764dc59ae4f0585681381d901f186cae336e44e1fbc8de1c0a529e7ff Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-155b" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:18 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/autop/	5 KB 2 KB	25ms 16ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/autop/index.min.js?m=1707348690i&ver=dd02809e92d21384c288 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 499b2afc2ca8c8cd894668ae9c64b89438c8170ecd5251af73215052f5125d1a Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-15ee" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:22 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/blob/	1 KB 879 B	25ms 16ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/blob/index.min.js?m=1707348690i&ver=94959d5178d135a3f178 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 81d80f7617f35c300905e4d00edab280731bc69dc5a1bb457a3171a296f0c579 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-457" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:21 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/block-serialization-default-parser/	2 KB 1 KB	25ms 16ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/block-serialization-default-parser/index.min.js?m=1707348690i&ver=ccafd59466e043b1e67a Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash d6480caf5f26b15563f969737af7f284bf796de4dd63c8caaa3481fe75d05b80 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-94e" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:22 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/deprecated/	687 B 775 B	25ms 16ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/deprecated/index.min.js?m=1707348690i&ver=5f56b9106e825b0b4ab3 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash fe788e0f7ae46a370ab3eb4f2a404269b1072e56135216713e39502c7dacde59 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-2af" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/dom/	12 KB 5 KB	25ms 17ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/dom/index.min.js?m=1707348690i&ver=44e4bca27663d6dfa4f6 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash bbc51c7d3315175c9f89d86add8afd37a09671935e0306a1fea6e0189f37901c Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-3036" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/escape-html/	1003 B 850 B	25ms 17ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/escape-html/index.min.js?m=1707348690i&ver=fbad781820bda8333f76 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash d413a32d4aad316a296461ff801272dc11512f252e5eba70da8e0673c204b235 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-3eb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/element/	11 KB 5 KB	25ms 17ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/element/index.min.js?m=1707348690i&ver=30b6834ec0d0e2c24761 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 6dc63fe3f880324c960483652ea9f872199ad3887e2e072e1925cb167bafa576 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-2dfa" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/is-shallow-equal/	1021 B 845 B	25ms 17ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/is-shallow-equal/index.min.js?m=1707348690i&ver=5299ef30233b42ce5199 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash d1250ea07224819d007acda104687b92e3a5174adacf12837fc5e9ff14021286 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-3fd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/keycodes/	3 KB 2 KB	32ms 24ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/keycodes/index.min.js?m=1707348690i&ver=54656f44cb3b10270813 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 45a05663a6bbdacc788b036380a0ee4c7b49b7bc498d8a98d8e5748b91e59030 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-b1b" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/priority-queue/	3 KB 2 KB	32ms 24ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/priority-queue/index.min.js?m=1707348690i&ver=c01f24e11b08ca4aff89 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 96e284f53f584411c21ef89fa08219b4188014333413eef9f7de213669c25fa7 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-d06" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/compose/	36 KB 13 KB	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/compose/index.min.js?m=1707348690i&ver=454f32655f7e573fedaf Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 330552ee73bfedc67b35584fda8afa0faaf4f23ca42db8baefd7a5b25059c969 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-8f0d" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/private-apis/	3 KB 1 KB	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/private-apis/index.min.js?m=1707348690i&ver=52428a68ae244aabb6fb Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 466ce3f481df55d5402c2179fbfff4190e0881d9a94ab5303b4978bb123bd8db Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-ad7" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/redux-routine/	9 KB 3 KB	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/redux-routine/index.min.js?m=1707348690i&ver=786aeb57a8ae5605915c Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 97cc56205ee842e64adc7912cb7e86c6b31a90ba065cf46009c09bca05293059 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-2207" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/data/	26 KB 9 KB	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/data/index.min.js?m=1707348690i&ver=8cafd24092cef7bf9436 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 81c14677193331d086999b1a5ba914e351f3be194e9fe4dbc6fc7af67808d0a5 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-6808" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/html-entities/	791 B 753 B	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/html-entities/index.min.js?m=1707348690i&ver=e9ce7ebd2e4bd93c7be1 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a37ef75bef9c0b9ca67220a826fad8761b880347fbb763c56d38834eb1c5a302 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-317" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/dom-ready/	460 B 781 B	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/dom-ready/index.min.js?m=1707348690i&ver=222ad38e3e5e302c8bbf Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag "65c412e2-1cc" access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 460 expires Thu, 06 Feb 2025 23:43:08 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/a11y/	2 KB 1 KB	32ms 25ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/a11y/index.min.js?m=1707348690i&ver=9061ce25a6ee8a006b52 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 729cb114db2bc898ebd76af066a49a76432f8ad984505e6ecfcfbc37672813cf Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-939" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/rich-text/	30 KB 11 KB	32ms 26ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/rich-text/index.min.js?m=1707348690i&ver=e664ffc13430770f8e20 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 667b4d451abe29c658488b1d4df14793babb73b00a72cca8052447eea242cae7 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-78ae" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:15 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/shortcode/	3 KB 2 KB	32ms 26ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/shortcode/index.min.js?m=1707348690i&ver=76f6ae4ad6804e0c13db Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 91d0022cd0ba8821088854f4e21f21ddf56c1b1017446ca6189ff7bf593e2b72 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 23:31:46 GMT server nginx etag W/"65c412e2-b57" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:26 GMT
GET H2	200	index.min.js Show response s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/blocks/	161 KB 52 KB	32ms 26ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/gutenberg-core/v17.6.4/build/blocks/index.min.js?m=1707348690i&ver=e379b584e44b53e69421 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash e395e619d3151c852bf9c05ecdad5c3099fcffedd19343618468a224a105492b Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Wed, 07 Feb 2024 23:31:45 GMT server nginx etag W/"65c412e1-283f5" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 23:43:18 GMT
GET H2	200	/ Show response s0.wp.com/_static/	30 KB 11 KB	32ms 26ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??-eJydjkEKAjEMRS9kjTpIV+JRpM3UITNtE5p2en27cCWC4PLBf48PXQxyriFXSM1IbAtlBSzcZ6Ulu2ieXJKCbxRncCLRNQ3HVQ/wXV1DFYfbm0FbhgdlBB8ZNx3sFQtJJR7jnUL/v1WCBFfNTkqVy68YusLjejRdkNMHDu+ebmd7stN0sdN1fQE/7WnB Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash bb7e1d078ab58cc492068b9ec67be2bf234676e618b211dab57666721476d0c6 Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Wed, 07 Feb 2024 19:05:45 GMT server nginx etag W/"65c3d489-76b1" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 06 Feb 2025 19:47:23 GMT
GET H2	200	rating.js Show response polldaddy.com/js/rating/	16 KB 5 KB	507ms 160ms	Script application/javascript	192.0.123.249 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://polldaddy.com/js/rating/rating.js?ver=13.2-a.0 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.249 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash bdb75e08b4b1eedee2847c2eafacc3089842b8735f7c6d4e99aedcb6ba828e55 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br last-modified Thu, 14 Dec 2023 16:20:37 GMT server nginx etag W/"657b2b55-3fc5" vary Accept-Encoding content-type application/javascript cache-control max-age=2592000 alt-svc h3=":443"; ma=86400 expires Sat, 09 Mar 2024 15:02:38 GMT
GET H2	200	sharing.min.js Show response s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/	9 KB 3 KB	31ms 26ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/sharing.min.js?m=1685112397i Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dca BYPASS last-modified Fri, 26 May 2023 14:46:54 GMT server nginx etag W/"6470c65e-2259" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Thu, 30 May 2024 20:22:45 GMT
GET H2	200	w.js Show response stats.wp.com/	12 KB 5 KB	176ms 6ms	Script application/javascript	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/w.js?67 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 79674b01741c3978417b6b9b4b98d125755e7bb468979d5cd593eac4b94cdb91 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br server nginx x-minify t etag W/12827-1705538370042.3745 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 alt-svc h3=":443"; ma=86400 expires Fri, 17 Jan 2025 00:39:37 GMT
GET H2	200	bilmur.min.js Show response pentestlab.blog/wp-content/js/	6 KB 3 KB	144ms 140ms	Script application/javascript	192.0.78.24 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://pentestlab.blog/wp-content/js/bilmur.min.js?i=11&m=202406 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 15 Nov 2023 17:05:23 GMT server nginx x-ac 2.hhn _dfw MISS etag W/"6554fa53-161b" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 alt-svc h3=":443"; ma=86400 expires Fri, 07 Feb 2025 15:02:38 GMT
GET H2	200	header.jpg s0.wp.com/wp-content/themes/premium/thefour/img/	200 KB 200 KB	10ms 10ms	Image image/jpeg	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://s0.wp.com/wp-content/themes/premium/thefour/img/header.jpg Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 1f16434d944a6e996c5b5bf08d9061ee33eaf68dbd2f4f8f786e159f7dc5cae6 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-ac 2.hhn _dfw MISS last-modified Fri, 19 May 2023 03:03:09 GMT server nginx etag "6466e6ed-31e2d" access-control-allow-methods GET, HEAD content-type image/jpeg access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 204333 expires Sat, 09 Nov 2024 15:25:22 GMT
GET H2	200	JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2 fonts.wp.com/s/montserrat/v26/	15 KB 15 KB	29ms 5ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Open%2BSans%3A400%2C400italic%2C700%2C700italic%7CMontserrat%3A500&subset=latin%2Clatin-ext&ver=6.5-alpha-57492 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash b52de70853ed4bac82f0c4cc5d6c7da8d588de61d97e8c30b99e40eefcde5a44 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff last-modified Wed, 13 Sep 2023 22:45:20 GMT server nginx age 13207 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 15100 x-xss-protection 0
GET DATA	200 OK	truncated /	7 KB 7 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 70c44a9df364a5e5779a64d3b6bace4a0939ad6649859f59e30d4df5bbfbf7d6 Request headers Referer Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers Content-Type application/octet-stream
GET H3	200	fontawesome-webfont.woff2 s0.wp.com/wp-content/themes/premium/thefour/fonts/	70 KB 71 KB	19ms 11ms	Font application/font-woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/themes/premium/thefour/fonts/fontawesome-webfont.woff2?v=4.6.3 Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyUjNTS3WLyhKzc0szQVx0/JLi/STi4v104BKdBPLU4vzc1P1gAI6+oT1FZdU5oAV2+faGpoZG5gamBsammYBAMXNKeE=&cssminify=yes Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73 Request headers Referer https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyUjNTS3WLyhKzc0szQVx0/JLi/STi4v104BKdBPLU4vzc1P1gAI6+oT1FZdU5oAV2+faGpoZG5gamBsammYBAMXNKeE=&cssminify=yes Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-ac 2.hhn _dfw MISS last-modified Fri, 19 May 2023 03:03:26 GMT server nginx etag "6466e6fe-118d8" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 71896 expires Sat, 09 Nov 2024 15:45:17 GMT
GET H2	200	9161b274d6d350683293f1e03d228985ac0ff6ac6c89353f4b6bd1a7bc69daf4 0.gravatar.com/avatar/	2 KB 3 KB	115ms 6ms	Image image/png	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://0.gravatar.com/avatar/9161b274d6d350683293f1e03d228985ac0ff6ac6c89353f4b6bd1a7bc69daf4?s=32&d=identicon&r=G Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 7d5f6f7d593191e51c8211ccee54ec6b5425e3f5ae5da264eb56f7c1a8cbd630 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT last-modified Sun, 19 Nov 2023 17:53:28 GMT server nginx content-type image/png access-control-allow-origin * cache-control max-age=300 content-disposition inline; filename="9161b274d6d350683293f1e03d228985ac0ff6ac6c89353f4b6bd1a7bc69daf4.png" accept-ranges bytes link <https://gravatar.com/avatar/9161b274d6d350683293f1e03d228985ac0ff6ac6c89353f4b6bd1a7bc69daf4?s=32&d=identicon&r=G>; rel="canonical" content-length 2556 alt-svc h3=":443"; ma=86400 expires Thu, 08 Feb 2024 15:07:38 GMT
GET H3	200	msbuild-powershell.png pentestlab.files.wordpress.com/2017/05/	3 KB 3 KB	11ms 9ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-powershell.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 838709124cee365353054f8fdf0aa50451ae4d8a215b9695e6d5db4298d19053 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 19:25:59 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 2608 expires Wed, 28 Feb 2024 11:54:48 GMT
GET H3	200	msbuild-msbuildshell.png pentestlab.files.wordpress.com/2017/05/	846 B 1 KB	11ms 10ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-msbuildshell.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c04297ce6c1a6841e4cc7884f9987c68a900bb819fd93bfd43a392cde099e234 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:06:01 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 846 expires Mon, 04 Mar 2024 08:51:14 GMT
GET H3	200	msbuildshell.png pentestlab.files.wordpress.com/2017/05/	16 KB 16 KB	12ms 10ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuildshell.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2d83bea79070b8f4ed432fbadad2c1214eb3e5af8a2000c375b44c7625691f5c Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:12:35 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 16478 expires Wed, 28 Feb 2024 23:01:19 GMT
GET H3	200	msbuild-executing-psattack.png pentestlab.files.wordpress.com/2017/05/	3 KB 3 KB	11ms 10ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-executing-psattack.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 18374219c1fc61a61818bc567193b1b3c22834bd4cd071f0e681888fb444d47c Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:14:06 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 2992 expires Mon, 12 Feb 2024 04:59:00 GMT
GET H3	200	msbuild-psattack.png pentestlab.files.wordpress.com/2017/05/	17 KB 17 KB	12ms 11ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-psattack.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c24a88a723aada71fa0ebef60ff83967a98722c4ba7907dc957deb0677c4cfc2 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 21:14:14 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 17120 expires Wed, 14 Feb 2024 05:03:39 GMT
GET H3	200	msbuild-executing-mimikatz.png pentestlab.files.wordpress.com/2017/05/	5 KB 6 KB	14ms 12ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-executing-mimikatz.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 1234d1e44ba1656e2893e1520f76d89edfdb39be05a489be408a3a29673aad50 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 19:18:58 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 5526 expires Tue, 13 Feb 2024 17:15:07 GMT
GET H3	200	msbuild-mimikatz.png pentestlab.files.wordpress.com/2017/05/	10 KB 11 KB	14ms 13ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-mimikatz.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash a649373e4789ca5cee6ed7b72fea1481882aa0805cf155c84b2f262e6e1771f9 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 19:20:21 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 10456 expires Tue, 12 Mar 2024 16:23:34 GMT
GET H3	200	msbuild-dumping-credentials-via-mimikatz.png pentestlab.files.wordpress.com/2017/05/	6 KB 6 KB	14ms 13ms	Image image/webp	192.0.72.28 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pentestlab.files.wordpress.com/2017/05/msbuild-dumping-credentials-via-mimikatz.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.72.28 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 44fffd760753b25ef9cd03561ee719d51cb9a2e39f3d65c3db37444a60f3e0e3 Security Headers Name Value X-Content-Type-Options nosniff, nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 28 np date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff, nosniff last-modified Mon, 29 May 2017 19:23:00 GMT server nginx x-orig-src 0_imageresize vary Accept, Origin content-type image/webp access-control-allow-origin https://pentestlab.wordpress.com access-control-allow-credentials true accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 6306 expires Fri, 01 Mar 2024 10:21:35 GMT
GET H2	200	502e723a1a1c7a1accaabdd7b64b17b80b98267ca83390632760c2e5a1d77c5d 2.gravatar.com/avatar/	3 KB 4 KB	115ms 7ms	Image image/png	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://2.gravatar.com/avatar/502e723a1a1c7a1accaabdd7b64b17b80b98267ca83390632760c2e5a1d77c5d?s=50&d=identicon&r=G Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 107fe293c6569ee121189cc01c83eb0f1c3057e7b91484d8f23aeee4605a64c1 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 08 Feb 2024 15:02:38 GMT last-modified Wed, 11 Jan 1984 08:00:00 GMT server nginx content-type image/png access-control-allow-origin * cache-control max-age=300 accept-ranges bytes link <https://www.gravatar.com/avatar/502e723a1a1c7a1accaabdd7b64b17b80b98267ca83390632760c2e5a1d77c5d?s=50&d=identicon&r=G>; rel="canonical" content-length 3344 alt-svc h3=":443"; ma=86400 expires Thu, 08 Feb 2024 15:07:38 GMT
GET H3	200	css fonts-api.wp.com/	7 KB 1 KB	33ms 32ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Ubuntu:r,i,b,bi%7CUbuntu:r&subset=latin,latin-ext,latin,latin-ext Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 6e57606e03b2f8286e7343da02403a66a52cc44d9406dd0387e5bacf4264bf05 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Thu, 08 Feb 2024 15:02:38 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary accept-encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H3	200	4iCs6KVjbNBYlgoKfw72.woff2 fonts.wp.com/s/ubuntu/v20/	34 KB 34 KB	12ms 11ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Ubuntu:r,i,b,bi%7CUbuntu:r&subset=latin,latin-ext,latin,latin-ext Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff last-modified Wed, 27 Apr 2022 16:31:23 GMT server nginx age 273448 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 34852 x-xss-protection 0
GET H3	200	4iCu6KVjbNBYlgoKej70l0k.woff2 fonts.wp.com/s/ubuntu/v20/	36 KB 36 KB	13ms 12ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ubuntu/v20/4iCu6KVjbNBYlgoKej70l0k.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Ubuntu:r,i,b,bi%7CUbuntu:r&subset=latin,latin-ext,latin,latin-ext Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash af186659e415490e7eee1bd3c8d511771dbd3e03ddbebf6b6a5096ac8ba29449 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff last-modified Wed, 27 Apr 2022 16:13:13 GMT server nginx age 378733 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 36564 x-xss-protection 0
GET H3	200	4iCv6KVjbNBYlgoCxCvjsGyN.woff2 fonts.wp.com/s/ubuntu/v20/	29 KB 29 KB	14ms 13ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Ubuntu:r,i,b,bi%7CUbuntu:r&subset=latin,latin-ext,latin,latin-ext Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff last-modified Wed, 27 Apr 2022 17:05:11 GMT server nginx age 360437 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 29752 x-xss-protection 0
GET H3	200	4iCp6KVjbNBYlgoKejZPslyPN4E.woff2 fonts.wp.com/s/ubuntu/v20/	30 KB 30 KB	14ms 14ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ubuntu/v20/4iCp6KVjbNBYlgoKejZPslyPN4E.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Ubuntu:r,i,b,bi%7CUbuntu:r&subset=latin,latin-ext,latin,latin-ext Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 26918e4295cab1eaecebc5d4719c212691f040bfe31daf0c7caf08f7a0de520a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff last-modified Wed, 27 Apr 2022 16:08:03 GMT server nginx age 569732 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=86400 content-length 30660 x-xss-protection 0
GET H3	200	shCore.css s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/	5 KB 1 KB	7ms 6ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 93111ec228b7cde5000f4062ac113d5c56c77b2a7ccc4ab3b6ceaf97fe340e37 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/6813-1684465200241.7236 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Sat, 09 Nov 2024 15:12:32 GMT
GET H3	200	shThemeDefault.css s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/	2 KB 716 B	7ms 7ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?m=1363304414i&amp;ver=3.0.9b Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 8f892de7bd3f42587028e9a8ddd9d01c6923f3947e657710ef40a2407e718de6 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache miss date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/2877-1684465200225.7236 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 20:22:45 GMT
GET H2	200	sdk.js Show response connect.facebook.net/en_US/	3 KB 3 KB	32ms 9ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/sdk.js Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??-eJydkNFqwzAMRX9ojjLyUPow9ilDsZVWiWV7lt3Sv6+7NmOQwsaejK6Ory4XzsnYGAqFAlJN8vXAQcHzQgqflSodMThPuZv1BZ7DM5WEdjFNOicb5bEArQFOFFzMgLVEwVLYbmjQbGGs7F2D81ilnRBpJxRQldrjLgGFrfER3TZIOZK0rCmTcJXbOMWaYVYIeOIDFo7h73/UZk5l5TlYX10j2+aRymRK/tIJb0yfNPKjiI/mBRNaGmNcDMlI7h8G954s5liV/De2Cr/EwoVVqJih6+92qzDlL/iW6F3eXnf9btj3/X6Yr/u4y/0= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 088f746924c1087b217cf33f54e0ad53e1375041ecef44c6ac675a3627dd9c6e Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers permissions-policy-report-only autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy" strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Thu, 08 Feb 2024 15:02:38 GMT content-md5 JxbNj7e73R/7wuvqz8y59Q== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1688 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-debug ZSrQgYyOQuKOvDh9ljxr/XJwOOcwqj3JNlpWld+q7r1+ORuf5OA2X7ppNrjIYs+mKpPcSdYiDjLXVOozdvh6iw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-content-md5 d6d70c77f06f4b20ee88ab8c28088ce9 cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" etag "8fc1945ea8ad2a5af58323d20a810843" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?0 access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=1200,stale-while-revalidate=3600 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy" x-frame-options DENY timing-allow-origin * expires Thu, 08 Feb 2024 15:19:57 GMT
GET H3	200	sdk.js Show response connect.facebook.net/en_US/	297 KB 85 KB	19ms 9ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/sdk.js?hash=a8273f9b0353f6cbacf694979277689b Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/sdk.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash e1d116c460927f272f88ce15f929ebb059a6542431b58d8feaa785a7665ca846 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://pentestlab.blog/ Origin https://pentestlab.blog accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers permissions-policy-report-only autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy" strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Thu, 08 Feb 2024 15:02:38 GMT content-md5 A1Tqz/FkuRpFu0uzKEh4MA== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 87005 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-debug lUwjzhaZo55BTcp6pjBaGxyIfj2kXg36c4kp4EzBvHvDNw4ItAPUcXLYwvgIDD9eWFpGFvS02l27id8LakJQgw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-content-md5 e5111f47cc1f0e8b68baa16457447a21 cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" etag "187383f90647bf4a692b62f3b10fea17" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?0 access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=31536000,stale-while-revalidate=3600,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy" x-frame-options DENY timing-allow-origin * priority u=3,i expires Fri, 07 Feb 2025 12:32:59 GMT
GET H2	200	/ www.facebook.com/login/ Frame 9CB1 Redirect Chain https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6ec74b3d0ed4d3f5%26domain%3Dpente... https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...	0 0	181ms 180ms	Document text/html	2a03:2880:f177:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df6ec74b3d0ed4d3f5%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D342%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/sdk.js?hash=a8273f9b0353f6cbacf694979277689b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://pentestlab.blog/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control private, no-cache, no-store, must-revalidate content-encoding br content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-type text/html; charset="utf-8" cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" date Thu, 08 Feb 2024 15:02:38 GMT expires Sat, 01 Jan 2000 00:00:00 GMT origin-agent-cluster ?0 pragma no-cache report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown" strict-transport-security max-age=15552000; preload vary Accept-Encoding x-content-type-options nosniff x-fb-debug GN9aQWQdFfJ786T6KAugscRBslAmtRL9iVCbF5cQuun8QDY1Rj0uVo+gzW/1HMQlci25ZstZANBO90PsXKFAkA== x-frame-options DENY x-xss-protection 0 Redirect headers alt-svc h3=":443"; ma=86400 cache-control private, no-cache, no-store, must-revalidate content-length 0 content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co media.tenor.com *.tenor.com *.giphy.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-type text/html; charset="utf-8" cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy unsafe-none;report-to="coop_report" cross-origin-resource-policy cross-origin date Thu, 08 Feb 2024 15:02:38 GMT document-policy force-load-at-top expires Sat, 01 Jan 2000 00:00:00 GMT facebook-api-version v12.0 location https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df6ec74b3d0ed4d3f5%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D342%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200 origin-agent-cluster ?0 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" permissions-policy-report-only autoplay=(), clipboard-read=(), clipboard-write=();report-to="permissions_policy" pragma no-cache report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true} reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0" strict-transport-security max-age=15552000; preload x-content-type-options nosniff x-fb-debug 0o/iGNx4nty0EShb/BADqHr87G5Z1G1oL59IvQmkfM4M6OOC9cYqg/jZw/p+uU6O/FdXbQR0mPRQFduF/fslzQ== x-xss-protection 0
GET H2	200	rate.php Show response polldaddy.com/ratings/	1 KB 539 B	162ms 162ms	Script application/javascript	192.0.123.249 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://polldaddy.com/ratings/rate.php?cmd=get&id=5556500&uid=wp-post-6835&item_id=_post_6835 Requested by Host: polldaddy.com URL: https://polldaddy.com/js/rating/rating.js?ver=13.2-a.0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.249 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash 375cfbf8dbd3f05fecd0539f10d9ee411a187fe4e3361b3310ddb8639d3a655c Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers content-type application/javascript date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br server nginx alt-svc h3=":443"; ma=86400 vary Accept-Encoding content-language en
GET H2	200	master.html Show response widgets.wp.com/likes/ Frame BCF3	3 KB 1 KB	24ms 8ms	Document text/html	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://widgets.wp.com/likes/master.html?ver=202402081217 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash c21754110d328a886423cc2f20ec83de38c4f5dab11006198ec8c0d409152881 Request headers Referer https://pentestlab.blog/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-methods GET, HEAD access-control-allow-origin * alt-svc h3=":443"; ma=86400 content-encoding br content-type text/html date Thu, 08 Feb 2024 15:02:38 GMT etag W/"65c4ba71-b04" last-modified Thu, 08 Feb 2024 11:26:41 GMT server nginx timing-allow-origin * vary Accept-Encoding x-ac 2.hhn _dfw MISS x-nc HIT hhn 2
GET H2	200	g.gif pixel.wp.com/	50 B 177 B	13ms 7ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.49117795992061586 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-origin * date Thu, 08 Feb 2024 15:02:38 GMT cache-control no-cache server nginx alt-svc h3=":443"; ma=86400 content-length 50 content-type image/gif
GET H2	200	g.gif pixel.wp.com/	50 B 177 B	13ms 7ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?blog=32637504&v=wpcom&tz=0&user_id=0&post=6835&subd=pentestlab&host=pentestlab.blog&ref=&rand=0.5845670860402059 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-origin * date Thu, 08 Feb 2024 15:02:38 GMT cache-control no-cache server nginx alt-svc h3=":443"; ma=86400 content-length 50 content-type image/gif
GET H2	200	g.gif pixel.wp.com/	50 B 177 B	13ms 7ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD9VW01sb1FYb1BbWjdGRC9sb0pTaVhpPWZ2M2IyL2FELmhfdExDTGlOcXY3ZUF1THxaPS1YSUpSRGZRaS52P3RPa1dmVTdLS3FrZj85UUxrbEFnSy9mZDdTXzlwMmtWRHUwL3pWdVBLQ2VPSFt0bHFLZlovS1ZjUCVFYWxZL0FbeFZkM3pMLVs5LUVkUUtdaHFXNGs4a19nTU5WUmVnMkVwUjRdbWkzVmtldFZsTDhiVjZsY05pU2xaQXRPNSxsX1cyTGM9UWtXcyZYMCYuVS05ZVFyUklXNWxFRWtFZGVOR05WWV0mcltPMVk2VUdRYyxsRno5ZC1wRDI9NjI1UHhDeA%3D%3D&v=wpcom-no-pv&rand=0.24250863029483205 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-origin * date Thu, 08 Feb 2024 15:02:38 GMT cache-control no-cache server nginx alt-svc h3=":443"; ma=86400 content-length 50 content-type image/gif
GET H3	200	wp-emoji-release.min.js Show response s0.wp.com/wp-includes/js/	18 KB 5 KB	7ms 7ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.5-alpha-57492 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS last-modified Fri, 19 May 2023 01:48:02 GMT server nginx etag W/"6466d552-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Tue, 04 Feb 2025 12:37:47 GMT
GET H3	200	/ Show response pentestlab.blog/2017/05/29/applocker-bypass-msbuild/	4 KB 1 KB	377ms 377ms	XHR application/json	192.0.78.24 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/?relatedposts=1 Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??-eJx9j01OxDAMhS9ExsCiogvEUUZpYypnEjvYzsDcniAVNCBgZb0fvU+G1xZWYUd2yAZVFioYuqHGbXiB+FkO2W7gqld7aKVvxAYZvcX1tGuwznAkXmHpVBIoluiYQhNz+64Olfjn7uBr8dBU3i6f2RgrPaF9hPmlo172cz3wZylU2nRAf6P9/8VuHc/ISRRid6nRndav8pkSSlM0278ttIDLCTksSmnDAXyqj3fTPM8P0/10m98BNEWIiQ== Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 43e5988c34535bb6b5eef4d4836f832178d3310ccf62fdaa922d068b30e6f7d4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ x-requested-with XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-hacker Want root? Visit join.a8c.com/hacker and mention this header. date Thu, 08 Feb 2024 15:02:39 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding br server nginx x-ac 2.hhn _dfw EXPIRED vary Accept-Encoding, accept, content-type x-pingback https://pentestlab.blog/xmlrpc.php content-type application/json; charset=utf-8 host-header WordPress.com alt-svc h3=":443"; ma=86400
GET H2	200	hovercards.min.css 0.gravatar.com/js/hovercards/	3 KB 1 KB	7ms 6ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=202406131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89 Requested by Host: 0.gravatar.com URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202406131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT strict-transport-security max-age=31536000; includeSubdomains; preload content-encoding br last-modified Wed, 11 Oct 2023 03:50:13 GMT server nginx etag W/"65261b75-d5d" content-type text/css cache-control max-age=604800 alt-svc h3=":443"; ma=86400 expires Thu, 15 Feb 2024 15:02:38 GMT
GET H2	200	count.json Show response api.pinterest.com/v1/urls/	117 B 423 B	145ms 105ms	Script application/javascript	23.212.88.188 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fpentestlab.blog%2F2017%2F05%2F29%2Fapplocker-bypass-msbuild%2F Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/sharing.min.js?m=1685112397i Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.88.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-212-88-188.deploy.static.akamaitechnologies.com Software / Resource Hash bd87a00a399df2fef456d5174f67d93fe74efcfbbb21ef549f294e99f112e05c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT x-content-type-options nosniff x-cdn akamai akamai-grn 0.78632617.1707404558.2e6c2ee0 content-type application/javascript access-control-allow-origin * cache-control no-cache, no-store, must-revalidate x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=600 content-length 117 x-pinterest-rid 1500288567701389 expires Thu, 08 Feb 2024 15:17:38 GMT
GET H2	200	g.gif pixel.wp.com/	50 B 177 B	7ms 7ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.6809645918562821 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-origin * date Thu, 08 Feb 2024 15:02:38 GMT cache-control no-cache server nginx alt-svc h3=":443"; ma=86400 content-length 50 content-type image/gif
GET H2	200	remote-login.php Show response r-login.wordpress.com/ Frame 2284	125 B 373 B	177ms 146ms	Document text/html	192.0.78.19 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9wZW50ZXN0bGFiLmJsb2c%3D&wpcomid=32637504&time=1707404557 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.19 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash abd210a1d68ca64fcf3b6de42a292f5d1f17a8e7856e4489389ca1c1e6ab05c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://pentestlab.blog/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, must-revalidate, max-age=0 content-encoding br content-type text/html; charset=utf-8 date Thu, 08 Feb 2024 15:02:38 GMT expires Wed, 11 Jan 1984 05:00:00 GMT server nginx strict-transport-security max-age=31536000 vary Accept-Encoding Cookie x-ac 1.hhn _dfw MISS
GET H3	200	rlt-proxy.js Show response s0.wp.com/wp-content/js/ Frame BCF3	3 KB 1 KB	7ms 6ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122 Requested by Host: widgets.wp.com URL: https://widgets.wp.com/likes/master.html?ver=202402081217 Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c Request headers accept-language de-DE,de;q=0.9 Referer https://widgets.wp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/7325-1684465206729.7068 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 14:44:30 GMT
GET H3	200	/ Show response s0.wp.com/_static/ Frame BCF3	90 KB 23 KB	7ms 7ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=202402081217 Requested by Host: widgets.wp.com URL: https://widgets.wp.com/likes/master.html?ver=202402081217 Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash b3f0a4d74055390ed4447bed3d22ac7a382770ff652002052683d9d165372714 Request headers accept-language de-DE,de;q=0.9 Referer https://widgets.wp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS last-modified Thu, 08 Feb 2024 11:01:40 GMT server nginx etag W/"65c4b494-169fd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * alt-svc h3=":443"; ma=86400 expires Fri, 07 Feb 2025 11:50:46 GMT
GET H2	200	/ Show response public-api.wordpress.com/wp-admin/rest-proxy/ Frame E654	9 KB 4 KB	166ms 141ms	Document text/html	192.0.78.23 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://public-api.wordpress.com/wp-admin/rest-proxy/ Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=202402081217 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash cb6af707ec628bb1798235eca73cdccb92608977e4680a4c60c308bf230e6032 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://widgets.wp.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 content-encoding br content-type text/html; charset=utf-8 date Thu, 08 Feb 2024 15:02:38 GMT p3p CP="CAO PSA OUR" server nginx strict-transport-security max-age=31536000 vary Accept-Encoding x-ac 1.hhn _dfw BYPASS
GET H2	200	star-yellow-sml.png polldaddy.com/images/ratings/	3 KB 3 KB	160ms 159ms	Image image/png	192.0.123.249 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://polldaddy.com/images/ratings/star-yellow-sml.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.249 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash 67f5e3a1fe926d54a765050fbdae81d08d4908c38c3a2340322ec7f5086df9e3 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT last-modified Fri, 12 Mar 2021 05:30:45 GMT server nginx etag "604afc85-c0d" content-type image/png cache-control max-age=2592000 accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 3085 expires Sat, 09 Mar 2024 15:02:38 GMT
GET H2	200	info.png polldaddy.com/images/ratings/	1 KB 1 KB	170ms 170ms	Image image/png	192.0.123.249 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://polldaddy.com/images/ratings/info.png Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.249 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash 8d1b51a6bcf97a173884161816c19b753e0088a0926148482d8a1f371706c774 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 15:02:38 GMT last-modified Wed, 08 Sep 2021 04:24:16 GMT server nginx etag "61383af0-4ca" content-type image/png cache-control max-age=2592000 accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 1226 expires Sat, 09 Mar 2024 15:02:38 GMT
GET H3	200	/ www.facebook.com/login/ Frame C4DD Redirect Chain https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1de2ae1fa4f29719%26domain%3Dpente... https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...	0 0	212ms 211ms	Document text/html	2a03:2880:f177:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1de2ae1fa4f29719%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/sdk.js?hash=a8273f9b0353f6cbacf694979277689b Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://pentestlab.blog/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control private, no-cache, no-store, must-revalidate content-encoding br content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-type text/html; charset="utf-8" cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" date Thu, 08 Feb 2024 15:02:39 GMT expires Sat, 01 Jan 2000 00:00:00 GMT origin-agent-cluster ?0 pragma no-cache priority u=0,i report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]} reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown" strict-transport-security max-age=15552000; preload vary Accept-Encoding x-content-type-options nosniff x-fb-debug XZUM3SeJ4IW9f11qyJ+Qngi7SXrYPWhEbTMXEmbSW8541SNflOB7hW0aD27WFEFJ6/nDG9t6EccdKkg2ZS8j3g== x-frame-options DENY x-xss-protection 0 Redirect headers alt-svc h3=":443"; ma=86400 cache-control private, no-cache, no-store, must-revalidate content-length 0 content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co media.tenor.com *.tenor.com *.giphy.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-type text/html; charset="utf-8" cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy unsafe-none;report-to="coop_report" cross-origin-resource-policy cross-origin date Thu, 08 Feb 2024 15:02:39 GMT document-policy force-load-at-top expires Sat, 01 Jan 2000 00:00:00 GMT facebook-api-version v12.0 location https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df1de2ae1fa4f29719%2526domain%253Dpentestlab.blog%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fpentestlab.blog%25252Ffd0b47c483c97f22b%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fpentestlaboratory%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D200 origin-agent-cluster ?0 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" permissions-policy-report-only autoplay=(), clipboard-read=(), clipboard-write=();report-to="permissions_policy" pragma no-cache priority u=0,i report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true} reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0" strict-transport-security max-age=15552000; preload x-content-type-options nosniff x-fb-debug pvnswpnHag+A8jqvOM3SGXBw6KpAyM5g0yZpXEmWWVeKzThMeb2SZ6i2SSPMIem772BProHBuH4BIdYWpnQ5/Q== x-xss-protection 0
GET H3	200	rlt-proxy.js Show response s0.wp.com/wp-content/js/ Frame E654	3 KB 1 KB	6ms 6ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122 Requested by Host: public-api.wordpress.com URL: https://public-api.wordpress.com/wp-admin/rest-proxy/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c Request headers accept-language de-DE,de;q=0.9 Referer https://public-api.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:38 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/7325-1684465206729.7068 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 14:44:30 GMT
OPTIONS H2	200	results api.crowdsignal.com/v3/polls/null/ Frame	0 0	609ms 154ms	Preflight text/html	192.0.123.248 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://api.crowdsignal.com/v3/polls/null/results Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://pentestlab.blog Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-headers X-HTTP-Method-Override,X-Requested-With,Content-Type,Accept,Origin,X-Ajax-Api-Token,X-Api-Partner-Guid,X-Api-User-Code,X-Partner-User-Id access-control-allow-methods OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=86400 content-encoding br content-language en content-type text/html; charset=utf-8 date Thu, 08 Feb 2024 15:02:39 GMT server nginx strict-transport-security max-age=31536000 vary Accept-Encoding
GET H3	200	actionbar.css s0.wp.com/wp-content/mu-plugins/actionbar/	15 KB 4 KB	7ms 7ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20240115 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:39 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/18324-1705283925364.3767 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Tue, 14 Jan 2025 01:58:56 GMT
GET H3	200	actionbar.js Show response s0.wp.com/wp-content/mu-plugins/actionbar/	8 KB 3 KB	8ms 8ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122 Requested by Host: pentestlab.blog URL: https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a6dc271cbdaa05e97c5144483628df9e30b68326e5b04a5fef3322af1c0f22e0 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-minify-cache hit date Thu, 08 Feb 2024 15:02:39 GMT content-encoding br x-ac 2.hhn _dfw MISS x-minify t alt-svc h3=":443"; ma=86400 x-nc HIT hhn 2 server nginx etag W/15307-1700657605708.2092 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 21 Nov 2024 12:53:34 GMT
GET H2	200	results Show response api.crowdsignal.com/v3/polls/null/	83 B 436 B	154ms 154ms	Fetch application/json	192.0.123.248 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://api.crowdsignal.com/v3/polls/null/results Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??-eJydjkEKAjEMRS9kjTpIV+JRpM3UITNtE5p2en27cCWC4PLBf48PXQxyriFXSM1IbAtlBSzcZ6Ulu2ieXJKCbxRncCLRNQ3HVQ/wXV1DFYfbm0FbhgdlBB8ZNx3sFQtJJR7jnUL/v1WCBFfNTkqVy68YusLjejRdkNMHDu+ebmd7stN0sdN1fQE/7WnB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS polldaddy.com Software nginx / Resource Hash 0cb77f6bd1273cad08e067ffed9417a11c287310733ae531deda3d43fc4f2024 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://pentestlab.blog/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 content-type application/json Response headers date Thu, 08 Feb 2024 15:02:40 GMT content-encoding br strict-transport-security max-age=31536000 server nginx vary Accept-Encoding access-control-allow-methods OPTIONS content-language en access-control-allow-origin * content-type application/json access-control-allow-headers X-HTTP-Method-Override,X-Requested-With,Content-Type,Accept,Origin,X-Ajax-Api-Token,X-Api-Partner-Guid,X-Api-User-Code,X-Partner-User-Id alt-svc h3=":443"; ma=86400
POST H3	200	admin-ajax.php pentestlab.blog/wp-admin/	0 0	231ms 230ms	Fetch text/html	192.0.78.24 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://pentestlab.blog/wp-admin/admin-ajax.php Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122 Protocol H3 Security QUIC, , AES_128_GCM Server 192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Referer https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers x-hacker Want root? Visit join.a8c.com/hacker and mention this header. date Thu, 08 Feb 2024 15:02:39 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding br x-ac 2.hhn _dfw BYPASS host-header WordPress.com alt-svc h3=":443"; ma=86400 referrer-policy strict-origin-when-cross-origin server nginx vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 access-control-allow-origin https://pentestlab.blog cache-control no-cache, must-revalidate, max-age=0 access-control-allow-credentials true x-robots-tag noindex expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	204	boom.gif pixel.wp.com/	0 105 B	7ms 6ms	Image text/plain	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.002&largest_contentful_paint=786&batcache_hit=0&provider=wordpress.com&service=simple&custom_properties=%7B%22enq_jquery%22%3A%221%22%2C%22enq_lodash%22%3A%221%22%2C%22enq_react%22%3A%221%22%2C%22logged_in%22%3A%220%22%2C%22wptheme%22%3A%22premium%2Fthefour%22%2C%22wptheme_is_block%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=pentestlab.blog&url_path=%2F2017%2F05%2F29%2Fapplocker-bypass-msbuild%2F&nt_fetchStart=0&nt_domainLookupStart=44&nt_domainLookupEnd=44&nt_connectStart=44&nt_connectEnd=58&nt_secureConnectionStart=50&nt_requestStart=59&nt_responseStart=561&nt_responseEnd=576&nt_domLoading=563&nt_domInteractive=1175&nt_domContentLoadedEventStart=1177&nt_domContentLoadedEventEnd=1186&nt_domComplete=1699&nt_loadEventStart=1699&nt_loadEventEnd=1752&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=749&first_contentful_paint=749&resource_size=2084845&resource_transferred=834001&resource_cache_percent=0&js_size=1282818&js_transferred=431859&js_cache_percent=0&blocking_size=454995&blocking_transferred=103183&blocking_cache_percent=0&last_resource_end=2514 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://pentestlab.blog/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers access-control-allow-origin * date Thu, 08 Feb 2024 15:02:42 GMT cache-control no-cache server nginx alt-svc h3=":443"; ma=86400