offsec.red Open in urlscan Pro
167.99.162.66 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://offsec.red/mimikatz-cheat-sheet/
Effective URL:
https://offsec.red/mimikatz-cheat-sheet/
Submission: On August 04 via manual (August 4th 2020, 4:56:27 pm UTC) from US

Summary HTTP 9 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 167.99.162.66, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is offsec.red.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 24th 2020. Valid for: 3 months.

This is the only time offsec.red was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	167.99.162.66 167.99.162.66	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2

6 167.99.162.66 (Santa Clara, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

offsec.red	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	offsec.red 1 redirects offsec.red	399 KB
4	cloudflare.com cdnjs.cloudflare.com	9 KB
9	2

	Domain	Requested by
6	offsec.red	1 redirects offsec.red
4	cdnjs.cloudflare.com	offsec.red
9	2

This site contains links to these domains. Also see Links.

Domain
github.com

Subject Issuer	Validity	Valid
offsec.red Let's Encrypt Authority X3	`2020-04-24` - `2020-07-23`	3 months	crt.sh
cloudflare.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://offsec.red/mimikatz-cheat-sheet/
Frame ID: D9DCFFE628A71BC65CD0444C0BE0263E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://offsec.red/mimikatz-cheat-sheet/ HTTP 301
https://offsec.red/mimikatz-cheat-sheet/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

44 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

408 kB
Transfer

442 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/gentilkiwi/mimikatz
Title: https://github.com/gentilkiwi/mimikatz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://offsec.red/mimikatz-cheat-sheet/ HTTP 301
https://offsec.red/mimikatz-cheat-sheet/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
offsec.red/mimikatz-cheat-sheet/
Redirect Chain

http://offsec.red/mimikatz-cheat-sheet/
https://offsec.red/mimikatz-cheat-sheet/

9 KB
3 KB

507ms
179ms

Document
text/html

167.99.162.66
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://offsec.red/mimikatz-cheat-sheet/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.99.162.66 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 / Express
Resource Hash: 4d3c13e4b43cf5d4937a27a28a2acfe0eef1950238f2f7aad757e129e30dd837

Request headers

Host: offsec.red
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.16.1
Date: Tue, 04 Aug 2020 16:56:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Cache-Control: public, max-age=0
ETag: W/"2511-gTIAtTBD2mpLpr4Sp0LkQ2o0/p8"
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx/1.16.1
Date: Tue, 04 Aug 2020 16:56:08 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://offsec.red/mimikatz-cheat-sheet/

GET
H/1.1 200
OK normalize.css
offsec.red/assets/css/ 7 KB
3 KB 176ms
175ms Stylesheet
text/css 167.99.162.66
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://offsec.red/assets/css/normalize.css?v=2ea1c226cd
Requested by: Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.99.162.66 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 / Express
Resource Hash: a674e5875baa1e5e816246f1151dd96cb24cbde094e0f3dbd5921e0d445a13c2

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 16:56:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Sat, 23 Nov 2019 22:39:21 GMT
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"1d73-16e9a6b6cf7"
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK screen.css
offsec.red/assets/css/ 16 KB
4 KB 343ms
167ms Stylesheet
text/css 167.99.162.66
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://offsec.red/assets/css/screen.css?v=2ea1c226cd
Requested by: Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.99.162.66 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 / Express
Resource Hash: bf341359fe5e4c839020ab8ae5b6a7f73a8c2b0eac6d4de4e6e0a21af86aa79b

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 16:56:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 25 Nov 2019 09:11:15 GMT
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"418a-16ea1d44ddf"
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes

GET
H2 200 prism-okaidia.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.16.0/themes/ 1 KB
1 KB 31ms
14ms Stylesheet
text/css 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.16.0/themes/prism-okaidia.min.css

Requested by

Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

624cf49cd58aef0e1058951847b3ab68de3bef768c07fd7568cb759d9cab86e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 16:56:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 24054307
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 045bfff2010000bec4b58ff200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Wed, 03 Apr 2019 07:30:55 GMT
server: cloudflare
etag: W/"5ca4612f-590"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bd9cf633c71bec4-FRA
expires: Sun, 25 Jul 2021 16:56:09 GMT

GET
H/1.1 200
OK cooltext342258963474130.png
offsec.red/content/images/2019/11/ 143 KB
143 KB 619ms
303ms Image
image/png 167.99.162.66
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offsec.red/content/images/2019/11/cooltext342258963474130.png
Requested by: Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.99.162.66 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 / Express
Resource Hash: 4239f1eef23a7fb35f6a8c80017dc6ac82e6b449f6ece70e0b2202a7fdd2fcc8

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 16:56:09 GMT
Last-Modified: Sat, 23 Nov 2019 08:41:08 GMT
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"23c8c-16e976c02e1"
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 146572

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/ 12 KB
5 KB 32ms
16ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/prism.min.js

Requested by

Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8dceb2d6cfd8f85fbbf048024ff948da5c94ef2b3e3c562b45227aabcfd1f3ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 16:56:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 15236531
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 045bfff2020000bec4b5900200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Sun, 17 Jun 2018 05:30:49 GMT
server: cloudflare
etag: W/"5b25f209-30c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bd9cf633c73bec4-FRA
expires: Sun, 25 Jul 2021 16:56:09 GMT

GET
H2 200 prism-powershell.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/components/ 4 KB
2 KB 36ms
19ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/components/prism-powershell.min.js

Requested by

Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba826cabcd50cc586d0d42a6c6f67b7f8095518fa087e028fad2a13d7816bc45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 16:56:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 8858684
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 045bfff2020000bec4b5901200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Sun, 17 Jun 2018 05:30:49 GMT
server: cloudflare
etag: W/"5b25f209-10ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bd9cf633c74bec4-FRA
expires: Sun, 25 Jul 2021 16:56:09 GMT

GET
H2 200 prism-bash.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/components/ 3 KB
2 KB 33ms
16ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.15.0/components/prism-bash.min.js

Requested by

Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f760ceadaae4736b33fba2c19400ff9ff3d2001a5fcd3d8cc8c849099f9a835

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://offsec.red/mimikatz-cheat-sheet/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 16:56:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17542950
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 045bfff2020000bec4b5902200000001
served-in-seconds: 0.016
timing-allow-origin: *
last-modified: Sun, 17 Jun 2018 05:27:05 GMT
server: cloudflare
etag: W/"5b25f129-b6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bd9cf633c75bec4-FRA
expires: Sun, 25 Jul 2021 16:56:09 GMT

GET
H/1.1 200
OK kali-linux.png
offsec.red/assets/ 245 KB
245 KB 314ms
314ms Image
image/png 167.99.162.66
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offsec.red/assets/kali-linux.png
Requested by: Host: offsec.red
URL: https://offsec.red/mimikatz-cheat-sheet/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.99.162.66 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 / Express
Resource Hash: 928231e847f0dc35f141d2f0b674ec95dfe5e9d44a6ad281fd9212f8721e033f

Request headers

Referer: https://offsec.red/assets/css/screen.css?v=2ea1c226cd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 16:56:09 GMT
Last-Modified: Sun, 24 Nov 2019 21:19:53 GMT
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"3d345-16e9f49058e"
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 250693

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _self object| Prism

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
offsec.red
167.99.162.66
2606:4700::6810:85e5
4239f1eef23a7fb35f6a8c80017dc6ac82e6b449f6ece70e0b2202a7fdd2fcc8
4d3c13e4b43cf5d4937a27a28a2acfe0eef1950238f2f7aad757e129e30dd837
5f760ceadaae4736b33fba2c19400ff9ff3d2001a5fcd3d8cc8c849099f9a835
624cf49cd58aef0e1058951847b3ab68de3bef768c07fd7568cb759d9cab86e4
8dceb2d6cfd8f85fbbf048024ff948da5c94ef2b3e3c562b45227aabcfd1f3ea
928231e847f0dc35f141d2f0b674ec95dfe5e9d44a6ad281fd9212f8721e033f
a674e5875baa1e5e816246f1151dd96cb24cbde094e0f3dbd5921e0d445a13c2
ba826cabcd50cc586d0d42a6c6f67b7f8095518fa087e028fad2a13d7816bc45
bf341359fe5e4c839020ab8ae5b6a7f73a8c2b0eac6d4de4e6e0a21af86aa79b

offsec.red Open in urlscan Pro 167.99.162.66 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

44 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

408 kBTransfer

442 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

offsec.red Open in urlscan Pro
167.99.162.66 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

408 kB
Transfer

442 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions