www.praetorian.com Open in urlscan Pro
146.148.61.165 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Submission: On January 10 via manual (January 10th 2024, 9:28:06 pm UTC) from US — Scanned from DE

Summary HTTP 106 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 33 IPs in 6 countries across 27 domains to perform 106 HTTP transactions. The main IP is 146.148.61.165, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.praetorian.com.
TLS certificate: Issued by R3 on November 15th 2023. Valid for: 3 months.

This is the only time www.praetorian.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	146.148.61.165 146.148.61.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2606:4700::68... 2606:4700::6810:bb59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a02:26f0:350... 2a02:26f0:3500:16::215:1484	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
14	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
3	52.222.139.110 52.222.139.110	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:89ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:5a9a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:f7a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e4a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.227.219.120 13.227.219.120	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.72.72.111 54.72.72.111	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	216.24.57.253 216.24.57.253	397273 (RENDER) (RENDER)
1	2600:9000:214... 2600:9000:214f:ae00:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:b05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
106	33

23 146.148.61.165 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.61.148.146.bc.googleusercontent.com

www.praetorian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:bb59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:16::215:1484 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.139.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-110.ams50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:5a9a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f7a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e4a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.227.219.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-120.ams54.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.72.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-72-111.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.24.57.253 (Sweden)

ASN397273 (RENDER, US)

grow.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:ae00:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:b05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	praetorian.com www.praetorian.com	433 KB
14	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	468 KB
11	typekit.net use.typekit.net — Cisco Umbrella Rank: 1107 p.typekit.net — Cisco Umbrella Rank: 1464	291 KB
7	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 10046 app.hubspot.com — Cisco Umbrella Rank: 11296 track.hubspot.com — Cisco Umbrella Rank: 5095	25 KB
6	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1202 script.hotjar.com — Cisco Umbrella Rank: 1735	109 KB
5	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 13290	307 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101 region1.google-analytics.com — Cisco Umbrella Rank: 1695	21 KB
4	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 778 px4.ads.linkedin.com — Cisco Umbrella Rank: 7294	2 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 9216 forms-na1.hsforms.com — Cisco Umbrella Rank: 17099	5 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 23867	3 KB
3	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 5454	3 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 12402	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 4002	562 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68	2 KB
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6	711 B
2	ml314.com ml314.com — Cisco Umbrella Rank: 3210	11 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1877	16 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9884 forms.hscollectedforms.net — Cisco Umbrella Rank: 9952	26 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 7790	1 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 39449
1	clearbitjs.com grow.clearbitjs.com — Cisco Umbrella Rank: 129622	460 B
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 8577	161 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7517	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5159	21 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 11386	24 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5122	20 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 15786	152 KB
106	27

	Domain	Requested by
23	www.praetorian.com	www.praetorian.com
14	www.googletagmanager.com	www.praetorian.com www.googletagmanager.com js.hsadspixel.net
10	use.typekit.net	www.praetorian.com use.typekit.net
5	static.hsappstatic.net	app.hubspot.com static.hsappstatic.net
3	track.hubspot.com
3	js.zi-scripts.com	www.praetorian.com js.zi-scripts.com
3	px.ads.linkedin.com	2 redirects snap.licdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.praetorian.com
3	script.hotjar.com	static.hotjar.com script.hotjar.com www.praetorian.com
3	forms.hsforms.com	js.hsforms.net www.praetorian.com
3	static.hotjar.com	www.praetorian.com www.googletagmanager.com
3	js.hs-scripts.com	www.praetorian.com
2	ws.zoominfo.com	js.zi-scripts.com
2	app.hubspot.com	js.usemessages.com static.hsappstatic.net
2	www.google.de	www.praetorian.com
2	region1.google-analytics.com	www.googletagmanager.com
2	ml314.com	www.praetorian.com ml314.com
2	api.hubspot.com	js.usemessages.com
2	snap.licdn.com	www.praetorian.com snap.licdn.com
1	www.google.com	www.praetorian.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.praetorian.com
1	api.hubapi.com	js.hsadspixel.net
1	tag.clearbitscripts.com	www.googletagmanager.com
1	grow.clearbitjs.com	www.praetorian.com
1	content.hotjar.io	script.hotjar.com
1	forms-na1.hsforms.com	www.praetorian.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	p.typekit.net	use.typekit.net
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hsforms.net	www.praetorian.com
106	37

This site contains links to these domains. Also see Links.

Domain
www.github.com
www.linkedin.com
twitter.com
www.facebook.com
github.com
attack.mitre.org
blogs.technet.microsoft.com
docs.microsoft.com
linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
www.praetorian.com R3	`2023-11-15` - `2024-02-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
grow.clearbitjs.com E1	`2023-11-22` - `2024-02-20`	3 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M01	`2023-06-11` - `2024-07-09`	a year	crt.sh
event-horizon.gcp.bomm.in GTS CA 1D4	`2024-01-01` - `2024-03-31`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Frame ID: EB5FDD73E4689CCDBEBB449E662C7410
Requests: 96 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/c8eeae3181384b85a58d2e0723a446d9?uuid=bbe74e5795304f1a8e6d0d621d6f2c39&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=c8eeae3181384b85a58d2e0723a446d9&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 70037431756FCFEE0BF1F2F8F377725C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Active Directory Visualization for Blue Teams and Threat Hunters -

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

106
Requests

99 %
HTTPS

76 %
IPv6

27
Domains

37
Subdomains

33
IPs

6
Countries

1947 kB
Transfer

4990 kB
Size

27
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.github.com/praetorian-inc/
Title: Explore Development Projects

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://github.com/JohnLaTwC/Shared/blob/master/Defenders%20think%20in%20lists.%20Attackers%20think%20in%20graphs.%20As%20long%20as%20this%20is%20true%2C%20attackers%20win.md
Title: Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/BloodHound
Title: Bloodhound

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/andrew-cook-58b12a78/
Title: Andrew Cook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/joshua-abraham-152a00/
Title: Josh Abraham

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1134/
Title: token stealing

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/poshchap/2015/05/01/security-focus-analysing-account-is-sensitive-and-cannot-be-delegated-for-privileged-accounts/
Title: Account is sensitive and cannot be delegated

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material
Title: tiered administration

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/praetorian
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/praetorianlabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/praetorianlabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://github.com/praetorian-inc
Title: Github

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/PraetorianLabs
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cookiesTest=true&e_ipv6=AQI8uCsV8bp0qQAAAYz1RmN_7fgpfxar7lOCtYSB49e5fldHzTc3ChP0QBJihQzyO-kIVWXo

106 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/ 128 KB
27 KB 756ms
182ms Document
text/html 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

c080a43fe491d4727b39b4d2d2d50e34ca3dd432d673791d4b8b5cc0d119dbdf

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-type: text/html; charset=UTF-8
date: Wed, 10 Jan 2024 21:27:58 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.praetorian.com/wp-json/>; rel="https://api.w.org/" <https://www.praetorian.com/wp-json/wp/v2/posts/440>; rel="alternate"; type="application/json" <https://www.praetorian.com/?p=440>; rel=shortlink
pragma: no-cache
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 3
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
1 KB 289ms
223ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65247baf92ea959e21c30ff8e75b6870ee7e108d2c9a0104bff4ac1a845d3125

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 083be9f0-37a5-414e-acd4-b38f2052a9c0
x-envoy-upstream-service-time: 66
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 083be9f0-37a5-414e-acd4-b38f2052a9c0
last-modified: Wed, 10 Jan 2024 19:32:04 GMT
server: cloudflare
x-trace: 2BA6419670EF841C8A28FA3ADF2AEF3A6841789A21000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-pk569
cf-ray: 843801ce6b90bf7e-WAW
expires: Wed, 10 Jan 2024 21:29:28 GMT

GET
H2 200 magnific.css
www.praetorian.com/wp-content/themes/studio-simpatico/css/ 7 KB
2 KB 143ms
142ms Stylesheet
text/css 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/css/magnific.css?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 19:25:12 GMT
server: nginx
etag: W/"650c9898-1b27"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 yng4pbv.css
use.typekit.net/ 8 KB
1 KB 574ms
443ms Stylesheet
text/css 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/yng4pbv.css?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

0807b878f24471a2d944a0e72277d54540945bca44fa884aeb8cb70468806430

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Wed, 10 Jan 2024 21:27:58 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1083

GET
H2 200 style.css
www.praetorian.com/wp-content/themes/studio-simpatico/ 338 KB
60 KB 189ms
189ms Stylesheet
text/css 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

adaef5107a926385b86fe49b479ed955d7b8784cc6f2e743ec04d0f4a8355e16

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Fri, 10 Nov 2023 17:08:39 GMT
server: nginx
etag: W/"654e6397-5493e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 87 KB
32 KB 303ms
302ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/jquery.min.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:54 GMT
server: nginx
etag: W/"650c84d6-15d94"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
64 KB 246ms
89ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-261532489-1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7103b15d265580032b852be67c2de533cf32beb69d66c3ae892563e5600e5be4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65210
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jan 2024 21:27:59 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 231 KB
82 KB 356ms
199ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

10ba9e82535f29c46d745f1e68891fede16b6c076376018e163f5df930400d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83382
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jan 2024 21:27:59 GMT

GET
H2 404 gtm.js
www.googletagmanager.com/ 0
0 241ms
84ms Script
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googletagmanager.com/gtm.js?id=GTM-54H7Q6G
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H2 200 hotjar-2851712.js Show response
static.hotjar.com/c/ 10 KB
4 KB 223ms
66ms Script
application/javascript 52.222.139.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2851712.js?sv=6

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-110.ams50.r.cloudfront.net

Software

Resource Hash

066e40f11a1ec0ee04513db5baf482b1c35b8b1393bba95f14b131025b728f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 10 Jan 2024 21:27:59 GMT
via: 1.1 631cbe67f42dc4b925732ef1044517ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
etag: W/5529642f3fde7e7323935e3271c71a08
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Cp0xsZ9NYZwtlDBEU-7LExPiV-EY1v7m7WPv5fSVkjM03fzgXpKMXA==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/embed/ 475 KB
152 KB 109ms
43ms Script
application/javascript 2606:4700::6810:89ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6775b730ce8dd652dc5dae943de88763d14ea4bc93306b4e6054fe5fd55ac85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-encoding: br
age: 495
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4455/bundles/project-v2.js&cfRay=8437f5bab84e5048-WAW
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b85f6565308a8c1b03a0aa2376f43336"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4455/bundles/project-v2.js
date: Wed, 10 Jan 2024 21:27:58 GMT
x-amz-version-id: 7otTdkEUvttlel_asoQJk1tJeq4Yr2Gw
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: f5ce6f2f-b330-429c-9696-06d7133b897b
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f5ce6f2f-b330-429c-9696-06d7133b897b
last-modified: Wed, 10 Jan 2024 10:26:20 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Njs9c8WpB0u3P94WfmGM48hbudGByRPOGxCjs7If51DsIkRaGTqXHEPTa7YjxTvT%2FVerAuijrJW4DWuHQaiIEhGEUVEr0x7T17OqKXo2IEuTOTcQGR9an%2Fo5oVM%2BXCzmCl76jk996XI1g3%2BK"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-wksnw
cf-ray: 843801cf0a4135d5-WAW
x-amz-cf-id: wnSDSXVB1thlk4DeUkhEwir7W4QPnv7Vwb-2EAQrtkIHM-vsQ91uEg==

GET
H2 200 5cdde5f668317bed1cee694e_20190403-ad-visulization-thumb.jpg.webp
www.praetorian.com/wp-content/uploads/2021/01/ 12 KB
12 KB 265ms
264ms Image
image/webp 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/01/5cdde5f668317bed1cee694e_20190403-ad-visulization-thumb.jpg.webp

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

861cfdd02133f97c4474a3670d80c545076bbf187bab1c3517cd0e25ee200063

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified: Thu, 21 Sep 2023 18:00:34 GMT
server: nginx
etag: "650c84c2-2e00"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 11776

GET
H2 200 5cdae07b798bb297f5784f35_201904_active_directory_visualization01.png.webp
www.praetorian.com/wp-content/uploads/2021/02/ 14 KB
14 KB 265ms
265ms Image
image/webp 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/02/5cdae07b798bb297f5784f35_201904_active_directory_visualization01.png.webp

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

b6b436d621cc8ac3a8ec70a6df8ec12b136cde45b3abdf08d3ec05c18b8afd50

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified: Thu, 21 Sep 2023 18:00:29 GMT
server: nginx
etag: "650c84bd-3734"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 14132

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
785 B 176ms
176ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js?integration=WordPress&ver=10.2.17

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc6ea525a578a5fe85bfe3ae116c8a08c3520d198f07e025d871fb08eb3bac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 78f8d29b-5ec3-4ce3-a61b-0eb03693b538
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 78f8d29b-5ec3-4ce3-a61b-0eb03693b538
last-modified: Wed, 10 Jan 2024 19:32:04 GMT
server: cloudflare
x-trace: 2B0488251CD5ACD89811EAC9A1FEC1B606282873C0000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-jxlsd
cf-ray: 843801d07e1bbf7e-WAW
expires: Wed, 10 Jan 2024 21:29:28 GMT

GET
H2 200 gtm4wp-form-move-tracker.js Show response
www.praetorian.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/ 1 KB
771 B 131ms
131ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js?ver=1.19.1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

8b851243dfb01d421b9ad1b062622a23f230c32184a70c07b6e75908bf682961

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:58 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Tue, 02 Jan 2024 16:29:55 GMT
server: nginx
etag: W/"65943a03-472"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
843 B 216ms
216ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7868791cba5daa1f1cf7f5526d861095ebf6ab941c23edbb3908c7b9e648436

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4c281520-3fa1-4b6d-84c5-c5be4b1b855c
x-envoy-upstream-service-time: 56
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c281520-3fa1-4b6d-84c5-c5be4b1b855c
last-modified: Wed, 10 Jan 2024 19:32:04 GMT
server: cloudflare
x-trace: 2B3E6584BC91CFC7CB1F9F9698351A79AC9D84AA7F000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-sxwnq
cf-ray: 843801d14f67bf7e-WAW
expires: Wed, 10 Jan 2024 21:29:29 GMT

GET
H2 200 jazzyscroll.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 16 KB
4 KB 132ms
132ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/jazzyscroll.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

71f19df3aba2328790c3e99bc8d953e9c4f6458d5b6912a6331470e9312dbf87

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 19:25:12 GMT
server: nginx
etag: W/"650c9898-403a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js.cookie.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 2 KB
1 KB 137ms
135ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/js.cookie.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

99ec625496b7f34e052ddcc9d5e3643c5bd183e946b055e850f65a0879a4836f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:53 GMT
server: nginx
etag: W/"650c84d5-9cd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 magnific.min.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/library/ 20 KB
8 KB 141ms
139ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/library/magnific.min.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

fc7109dd6428c821842660a87bda6494e52c0f4ecad22105a1aed87e440ee0b1

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 19:13:12 GMT
server: nginx
etag: W/"650c95c8-4f29"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 blog-popup.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 441 B
738 B 142ms
140ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/blog-popup.js?ver=1695319253

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

f1a0d0694a41fb7dd9990aa51d8980b09d95fa89b0ddd913e30522bc88ccb442

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:53 GMT
server: nginx
etag: W/"650c84d5-1b9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 slick.min.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 42 KB
11 KB 148ms
146ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/slick.min.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:53 GMT
server: nginx
etag: W/"650c84d5-a76f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 script.js Show response
www.praetorian.com/wp-content/themes/studio-simpatico/js/ 18 KB
6 KB 176ms
174ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/js/script.js?ver=6.4.2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

f356132e6b9867717ed63d631f7fd44dbb95abd7f2dcbb9775fb93e69e40550f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Tue, 21 Nov 2023 16:13:28 GMT
server: nginx
etag: W/"655cd728-4840"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 311ms
155ms Script
application/javascript 2606:4700::6811:5a9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5a9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.praetorian.com/
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.451/bundles/project.js&cfRay=843801d36d3334d6-WAW
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"dc52d8d37d1323196ca91b50795df6c4"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.451/bundles/project.js
date: Wed, 10 Jan 2024 21:27:59 GMT
x-amz-version-id: JAkD5shSwdxe4gNEROP8R.wQbdFvcCSE
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 1b6af17e-8b34-42f9-b430-66da08212688
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1b6af17e-8b34-42f9-b430-66da08212688
last-modified: Wed, 03 Jan 2024 09:59:36 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-bw7pg
cf-ray: 843801d36d3334d6-WAW
x-amz-cf-id: JH4BLOthOCCfNG_hKRPx3vczAhdcvMBbd21oXvuMz_3PMX2IKsGSXQ==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/22265125/ 66 KB
20 KB 530ms
377ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/22265125/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d6e641bcf8ec0bdc6b1498256de99141f97b065f67c6dd94e0fb26766ad53f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-amz-version-id: 5HKSgG6tCeqiTtWiWkg6bciJYdDs6f95
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 2CMWN5Z3MSRP9P7X
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b20d2fff-7310-4c50-a6b1-34ac02b3efa2
x-envoy-upstream-service-time: 41
x-amz-id-2: Y9vo7IYcLVBulqaZweL39e9XBbIKVU8R9OhBeYzedyLKkkl6aHyeXv/VBEd6Ssx/livFTkpy4Yw=
x-evy-trace-listener: listener_https
x-request-id: b20d2fff-7310-4c50-a6b1-34ac02b3efa2
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 18 Oct 2023 19:20:13 GMT
server: cloudflare
etag: W/"6a05f6633cc7860c82acd6ba9bc03e03"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6849bc8697-28qjm
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 843801d358b12685-TXL
expires: Wed, 10 Jan 2024 21:32:59 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 84 KB
24 KB 198ms
41ms Script
application/javascript 2606:4700::6811:f7a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f7a8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-amz-version-id: KYDl9V0le_8eNyhqu8y2yzPaUoKjKmsM
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 238
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15030/bundles/project.js&cfRay=8437fc02b80734b0-WAW
x-cache: Hit from cloudfront
x-hubspot-correlation-id: c8a4f0e0-5040-46c9-a3c6-10bb67214e4d
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 9
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c8a4f0e0-5040-46c9-a3c6-10bb67214e4d
last-modified: Wed, 20 Dec 2023 17:16:05 UTC
server: cloudflare
etag: W/"64e2daa01b1349fee44794df69e776a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-962bg
cf-ray: 843801d36d7ffc63-WAW
x-amz-cf-id: aBG5PDw91MgWilt63tR5CSXC8kRixbX8dT1ma1WtdfzHdnJ4ppoqdw==
x-hs-target-asset: conversations-embed/static-1.15030/bundles/project.js

GET
H2 200 22265125.js Show response
js.hs-analytics.net/analytics/1704921900000/ 66 KB
21 KB 340ms
184ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1704921900000/22265125.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69a0d01bc23be63dc8c11d606633052b5c1a444ecb626a9a6b49669d7570ebe7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: DWCWTQEXJ96Q04D8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: eee202a1-64ed-4913-94a1-ed5579e472a3
x-envoy-upstream-service-time: 23
x-amz-id-2: fpJYQR3kdFhFb3tfeXmmAxmjXOwWnRrQ885qBgtd1V/FB6MOq6I0hEAqYE27AS5jUbf4VJq2YE8=
x-evy-trace-listener: listener_https
x-request-id: eee202a1-64ed-4913-94a1-ed5579e472a3
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Jan 2024 17:04:32 GMT
server: cloudflare
etag: W/"f65867d2b3ded9d6f0cdaf965a9c99ea"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-kff6g
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 843801d36e4e3563-WAW
expires: Wed, 10 Jan 2024 21:32:59 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 205ms
49ms Script
application/javascript 2606:4700::6811:e4a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e4a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-amz-version-id: 5iFzgPv7W58VCAVxkHMx4QTA.7HcSoUh
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.510/bundles/pixels-release.js&cfRay=843801a04f5934f4-WAW
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 0928949e-8809-40a1-8f1b-025acc86f60f
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0928949e-8809-40a1-8f1b-025acc86f60f
last-modified: Mon, 08 Jan 2024 15:41:50 UTC
server: cloudflare
etag: W/"ef358d7718df65ca620b75c779a3c331"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-qcldl
cf-ray: 843801d36b103545-WAW
x-amz-cf-id: nrUjXpdljYcYMFtNTY-YvIMIw1dL_QmibSyrpB3_m8U1LPpHmcU06g==
x-hs-target-asset: adsscriptloaderstatic/static-1.510/bundles/pixels-release.js

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 117ms
35ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=yng4pbv&ht=tk&f=26911.26913.34691.34692.34693.34697.34701.36466.36470.36471.36473&a=23300812&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 hotjar-2358062.js Show response
static.hotjar.com/c/ 0
429 B 223ms
67ms Script
application/javascript 52.222.139.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2358062.js?sv=5

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-110.ams50.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
date: Wed, 10 Jan 2024 21:27:59 GMT
x-content-type-options: nosniff
via: 1.1 631cbe67f42dc4b925732ef1044517ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
content-length: 0
x-amz-cf-id: GFo7oeChLitYs3ba5uBQtUsVsRGmlye_gOh3TILMoeu6kRM5ChFaxw==

GET
H2 200 nav-active.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 1 KB
1023 B 152ms
151ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/nav-active.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

6a980933b39409d97cd947dd6dc1837de2e49e87c7d9903122adb293cc8404cf

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-41e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 l
use.typekit.net/af/e40556/00000000000000007735adbc/30/ 44 KB
45 KB 246ms
133ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e40556/00000000000000007735adbc/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a60e4a6f8b89cbd1debcd7f90a0e60099a7caa9490a3c5305b18cb094c53dd4b

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "f3cafd088bc07c2d3ded8cc91e0729be713189cf"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45396

GET
H2 200 l
use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/ 21 KB
21 KB 282ms
169ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 878130b86e81304bd9d8afd8a8c5bc6c2d03194a3917e5bab3ddfa9eb3a07cb3

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "22cae4f69d39ee6531cf5c3445fc374f7c7869cc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21636

GET
H2 200 l
use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/ 21 KB
21 KB 294ms
182ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b475b2648fbcf6b9f1535198a5f52c11dc0bb9ed88bbf93d39eb1be9a391edc4

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "1a48bcc440a68538029c6482155125eab9fb73c6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21352

GET
H2 200 l
use.typekit.net/af/7c9acc/00000000000000007735adc8/30/ 44 KB
44 KB 260ms
147ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/7c9acc/00000000000000007735adc8/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b084305ba75c61a6309a9dec021937b5d7674640f9017527dda68bf72312e882

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "16adcf7e4da5d53f928f7fcda315b413887cac41"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45284

GET
H2 200 l
use.typekit.net/af/09940c/00000000000000007735a996/30/ 26 KB
26 KB 290ms
178ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/09940c/00000000000000007735a996/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 417debb36c2433e8aac621b9b88cef9aee936879ee30051b8724b606bcc84fd9

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "accde79d00f44e34fcec986689bcda82817c4a98"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26132

GET
H2 200 l
use.typekit.net/af/3f8415/00000000000000007735a9bb/30/ 25 KB
26 KB 214ms
102ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3f8415/00000000000000007735a9bb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 97c93526e3f8fe46ecf144bbe83442d7e0d6458021d47039b7db77b32918f530

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "8cb803a20ad97d966652b2c079d44eb6f5146fdd"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25940

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/ 7 KB
3 KB 288ms
174ms XHR
application/json 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/json?hs_static_app=forms-embed&hs_static_app_version=1.4455&X-HubSpot-Static-App-Info=forms-embed-1.4455

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

762c0ee16bd8eeb11cc293eed5775e14b920698d503c204b1c5597c718575da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Wed, 10 Jan 2024 21:27:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: b907fe08-3f97-413b-9d70-938879396bc3
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 17
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b907fe08-3f97-413b-9d70-938879396bc3
Server: cloudflare
X-Trace: 2BC0F76C3B007F899178278EAE12145D87F31A979A000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 843801d36899352e-WAW
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-67nh8

GET
H2 200 5f31affc4017af4b218684c9_Cook-Headshot-P3-scaled.jpg
www.praetorian.com/wp-content/uploads/2021/01/ 230 KB
231 KB 133ms
132ms Image
image/jpeg 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/01/5f31affc4017af4b218684c9_Cook-Headshot-P3-scaled.jpg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

f979d02c178a46672a94b3ef9e22a27c2723c5a8df79080d17a28572ccd95cfe

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified: Thu, 21 Sep 2023 18:00:35 GMT
server: nginx
etag: "650c84c3-398c4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 235716

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
785 B 276ms
151ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a544124f98add2e2d508d975d9f14d21c2721681010ff33006518d8a2a2123c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Jan 2024 10:26:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=46714
accept-ranges: bytes
content-length: 575

GET
H2 200 quotes.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 2 KB
1 KB 227ms
226ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/quotes.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

9a38d85808a7028e13ccacbcc5cc311429aeec1bce3b04f25604be978ce7ffe0

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-826"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 btn-arrow.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 2 KB
1 KB 226ms
226ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-arrow.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1b52c6a2e51fe8d9a185649b9b7cffb2c1862ec60cf612070432c1ac4109c06e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-7f2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watermark-logo-thin.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 10 KB
5 KB 277ms
276ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-logo-thin.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1f23f74bd4bda9fc5092ba34675f43d4acf2e635010a21effeaca79d7ea5d458

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 19:28:51 GMT
server: nginx
etag: W/"650c9973-2691"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 hexagon-plain.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 902 B
957 B 276ms
276ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/hexagon-plain.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

f7085b8cb031174e44bfff6d7a12f931bf5948b9cb9d6997814dc7812464fce7

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-386"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watermark-footer.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 6 KB
3 KB 275ms
275ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-footer.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

202f0d4e1127ce8b1a3029ac6724c6c081d5b7936b0c81ea3f42862618fc22c6

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-16ff"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 l
use.typekit.net/af/5b7b91/00000000000000007735a9b4/30/ 27 KB
28 KB 312ms
222ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5b7b91/00000000000000007735a9b4/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e4565f88528cba5ba656f0d606a288aa196ec32e5f6124e9c037cf6419ded528

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "40c168528a64df7584ca7bc94c92dce5312224ee"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 28040

GET
H2 200 l
use.typekit.net/af/83c732/00000000000000007735adb0/30/ 38 KB
39 KB 276ms
186ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/83c732/00000000000000007735adb0/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i2&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9612e8740a4bc6cc15b7c4ed79ab3085a17461a38b0288bf4d24d5c06126f9ce

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "92403c600bd3d234e57963b131aa34e69af3322a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 39360

GET
H2 200 l
use.typekit.net/af/8c6bd4/00000000000000007735add4/30/ 41 KB
41 KB 287ms
198ms Font
application/font-woff2 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8c6bd4/00000000000000007735add4/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 002e2233a375926192bdceada5c2ee2deee23ad3b7a8610622807a383fa3a2b9

Request headers

Referer: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: nginx
etag: "19a8e44e9a79f0d1a802216078014a3a985d3ce8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 41840

GET
H2 200 5cdae07b136d1885c9d12b18_201904_active_directory_visualization02.png.webp
www.praetorian.com/wp-content/uploads/2021/02/ 10 KB
10 KB 260ms
259ms Image
image/webp 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/02/5cdae07b136d1885c9d12b18_201904_active_directory_visualization02.png.webp

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

a878f7a093e216cded9f69ea22a4d0c6c4bc658248677e04d4fdffef25481c12

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified: Thu, 21 Sep 2023 18:00:29 GMT
server: nginx
etag: "650c84bd-2776"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 10102

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 291ms
226ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=22265125&conversations-embed=static-1.15030&mobile=false&messagesUtk=c8eeae3181384b85a58d2e0723a446d9&traceId=c8eeae3181384b85a58d2e0723a446d9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.praetorian.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 843801d41a2b34c4-WAW
content-length: 18
content-type: text/plain; charset=utf-8
date: Wed, 10 Jan 2024 21:27:59 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aujHrndJ33F0jJpn4y1JxsOCSO2u8UKrRAaxU6gOdPqhAiryQxVC2EibmsFBfa2SpjwW%2BgIZfLbPC%2By3xmMaNBfOmAFQO%2Feq3TE9bfLOukDpkYwnmyqrbvxrsIMSIxBkbd1VeU%2BB1Ed9zggXnA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 53
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-djc9c
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: a829d4b7-e1b6-40a7-90d3-489161892586
x-request-id: a829d4b7-e1b6-40a7-90d3-489161892586
x-trace: 2BFD7CFD758073974F77D8F454811C3E20DBD88227000000000000000000

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 275ms
275ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f9201c571c2817e4a09428538778556d10e5757840e87ac3c067577debb02b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8dfc194b-8d80-420e-9013-84f4bf29ea8e
x-envoy-upstream-service-time: 99
content-length: 1455
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8dfc194b-8d80-420e-9013-84f4bf29ea8e
server: cloudflare
x-trace: 2BFEC9DFF069A5633A919130979543968A9EB86C25000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-gfbdv
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t39O5hkk2m4F0LBs4fHknAXYwmFl6RAA73QYx4kzGFiaUXTkVkQclcMmwuOGssK%2F46gLbiKO1%2BL66kkMkaZCaIYD48dz1FxW7IK4GcUBQyEPDRu%2F8vfhUDQoHOzh6%2F2lgq7EoVtoRIKlGFSQnw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 843801d58c9934c4-WAW
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 modules.abdef350bc65bc59cb61.js Show response
script.hotjar.com/ 220 KB
55 KB 117ms
37ms Script
application/javascript 13.227.219.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.abdef350bc65bc59cb61.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2851712.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-120.ams54.r.cloudfront.net

Software

Resource Hash

5fc7c56821ed5ac0a40aecde186c558d6b846831cbd483f434ed862fd1b955c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:38:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 25fe70cc18ad9b2503949e3460083640.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 211793
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55659
last-modified: Mon, 08 Jan 2024 10:37:27 GMT
etag: "80c44d9c04a527e3fdaa01818eb305c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: L5GwBvzb4SPSmYaXyqa_4FaXh7G3fhc96-JacadfySik4yux5iV7IQ==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 202ms
167ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3e129465-ad22-4b68-a3b4-d8a59a321a2e
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3e129465-ad22-4b68-a3b4-d8a59a321a2e
server: cloudflare
x-trace: 2BAFB137DDD87E15083DC0066B87EEC8E235350665000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-ckgmp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 843801d4d87a3486-WAW

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
412 B 170ms
156ms XHR
application/json 2606:4700::6811:5a9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=22265125&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5a9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e0d70fc8d72adca6ac200b5c41dd5c4de7c928eb236734944ab1674aef2b7ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3390e1bb-a8a6-4f2b-a93f-7961ac463f1e
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3390e1bb-a8a6-4f2b-a93f-7961ac463f1e
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-qcldl
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 843801d4bf1b34d6-WAW

GET
H2 200 btn-fill-edge.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 475 B
773 B 136ms
130ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1fb7c0840941cfb0c984be505c08b3adcf60131a957cce45f91726017c771fa5

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-1db"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 btn-fill-edge-rotated.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 480 B
781 B 178ms
174ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge-rotated.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

3207a467556090b6d0107d8a636d62b8b65786050b543a71b11b95c2a46ccc59

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding: br
last-modified: Thu, 21 Sep 2023 18:00:37 GMT
server: nginx
etag: W/"650c84c5-1e0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1017 B 244ms
179ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Wed, 10 Jan 2024 21:27:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 968f44a0-475e-4b61-a2dd-9a4d68e0a189
x-envoy-upstream-service-time: 12
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 968f44a0-475e-4b61-a2dd-9a4d68e0a189
Server: cloudflare
X-Trace: 2BBC107C5E45F019BF4971065A9B8D735883866DCA000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-6h5f4
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 843801d51e0534be-WAW

GET
H2 200 preact-incoming-feedback.8917ef65a56484395694.js Show response
script.hotjar.com/ 190 KB
42 KB 35ms
34ms Script
application/javascript 13.227.219.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/preact-incoming-feedback.8917ef65a56484395694.js

Requested by

Host: script.hotjar.com
URL: https://script.hotjar.com/modules.abdef350bc65bc59cb61.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-120.ams54.r.cloudfront.net

Software

Resource Hash

befb88556f8dc2582961f15d3191eaa748a9a5ec7db1dfcceb878e034f95ffcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 21 Dec 2023 13:39:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 25fe70cc18ad9b2503949e3460083640.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1756133
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 42838
last-modified: Thu, 21 Dec 2023 13:38:49 GMT
etag: "a407ad9b2ecd35a9a659c2b505ca872a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: vUxPP-7BBTGziGHa35XnbKaf9jRBaAqU220fQxKy1ImjNXJTCt10vQ==

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 246ms
136ms XHR
application/json 54.72.72.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.abdef350bc65bc59cb61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.72.72.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-72-111.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 43e05a615dd4ea775c2fc2f3bbee38dff7de25c1e60f47312aec3ab0b4780086

Request headers

Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 10 Jan 2024 21:27:59 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 246ms
73ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-261532489-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jan 2024 19:48:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5982
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 10 Jan 2024 21:48:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 276 KB
91 KB 89ms
89ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-261532489-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abf6687b54ad46ec51bbd18e0b302636bddc16ee354fde012a3e308e45e58e62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 10 Jan 2024 21:27:59 GMT

GET
H2 200 a
www.googletagmanager.com/ 0
59 B 80ms
79ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=www.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&tdp=UA-261532489-1;;0;0;0&z=0

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 204 td
www.googletagmanager.com/ 0
128 B 104ms
103ms Image
image/gif 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtm.init_consent&eid=-1&h=Ag&dl=www.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&tdp=UA-261532489-1;;0;0;0&z=0
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
server: Golfe2
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 80ms
80ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtm.init&eid=0&h=Ag&z=0

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 81ms
80ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtm.js&eid=1&h=Ag&tr=1rep&ti=1rep&z=0

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 81ms
80ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtag.config&eid=6&h=Ag&epr=1UA&z=0

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 81ms
81ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtag.config&eid=7&h=Ag&z=0

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 246 KB
85 KB 92ms
92ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dff6274416808ec94c08c402c7955032a38fed46cec62ccd1cc6f21cf7fdc0b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86486
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 10 Jan 2024 21:27:59 GMT

GET
H2 200 hotjar-2851712.js Show response
static.hotjar.com/c/ 10 KB
4 KB 32ms
32ms Script
application/javascript 52.222.139.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2851712.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-110.ams50.r.cloudfront.net

Software

Resource Hash

066e40f11a1ec0ee04513db5baf482b1c35b8b1393bba95f14b131025b728f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 10 Jan 2024 21:27:59 GMT
via: 1.1 631cbe67f42dc4b925732ef1044517ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
etag: W/5529642f3fde7e7323935e3271c71a08
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: fUIun8fyiAHLzvfr7jSqqAnJWq9X_IJO6BqbaAswDT72aNBnQiqJPw==

GET
H2 200 pixel.js Show response
grow.clearbitjs.com/api/ 100 B
460 B 303ms
226ms Script
text/javascript 216.24.57.253
RENDER

General

Check archive.org

Show headers Download Go to

Full URL

https://grow.clearbitjs.com/api/pixel.js?v=1704922079564

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.253 , Sweden, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4bdad53042e2bd6e5a231bfcd66d19dc33f507edc2b847ff3c58aca74ff138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
rndr-id: 448e73fd-c7c1-42a5
x-render-origin-server: Render
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 843801d5ca9a6a73-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 403 tags.js
tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/ 0
0 306ms
228ms Script
application/javascript 2600:9000:214f:ae00:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:ae00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: Pkk6RMOm4dIL56CLJnP2xCJYEAY3OWpAUBd7y8T5yBobCcrlwqmgtQ==

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
10 KB 105ms
33ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?100
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b2fe03efc1e879c2c5bd27bf86f71ad3790b0d6765498480f4c8071fa7f59051

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 20:36:24 GMT
via: 1.1 google
content-encoding: br
age: 3095
x-guploader-uploadid: ABPtcPoxoxJsfasHrIveoVuc6gYtvE628_Hun2dhm78JX4NcxIZB9BP36mQdbdYfKotBw8c8SBU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10218
last-modified: Mon, 18 Dec 2023 20:13:43 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-hash: crc32c=P2fgBQ==, md5=IwpC9BBrIFbFRmT73giztw==
x-goog-generation: 1702930423872068
content-language: en
content-type: application/javascript
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 32241
accept-ranges: bytes
cache-id: AMS-cba56054

GET
H2 200 font-hotjar_5.65042d.woff2
script.hotjar.com/ 2 KB
3 KB 91ms
30ms Font
font/woff2 13.227.219.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/font-hotjar_5.65042d.woff2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-120.ams54.r.cloudfront.net

Software

Resource Hash

fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.praetorian.com/
Origin: https://www.praetorian.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 23:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 de31699a6e25448909328bb7c6028f6a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 11309919
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 01 Sep 2023 09:38:54 GMT
etag: "c9fb9163f8b7be37023ebe649688bebf"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
x-robots-tag: none
x-amz-cf-id: 2qgkdfn-TUZGtdzW-sMwwZcJXAGcr0AXmHYNJYuNCjDunVze3exrnQ==

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 72ms
71ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Jan 2024 10:26:44 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=46731
accept-ranges: bytes
content-length: 15605

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
591 B 161ms
161ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2fc29d26-25c6-4d79-929c-8b6339db202f
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2fc29d26-25c6-4d79-929c-8b6339db202f
server: cloudflare
x-trace: 2B990D5BACA16BCCE7ADDFD82813DE8989F2FBCC28000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-gwtjq
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 843801d5b9b73486-WAW

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
1 KB 248ms
174ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=22265125

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb017b11346c44f8c491900723c7095f74223487be55b56751064e8cc0034654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b36a8314-7961-4e27-8d93-9ad47af6a30e
content-encoding: br
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b36a8314-7961-4e27-8d93-9ad47af6a30e
server: cloudflare
x-trace: 2B16D05EE84F5D8440648C401E0378A3C2AA104450000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-4f4rj
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muCZ7I5EubQtv%2BRDQfz%2FWcUYHyt2tst1%2F7TDTI8%2BTtaIDKg27Nv2syk2nT2WDxuu4%2BWsmG14khk57QjBDBSqmBvVIId%2BSHnSHKmVnTXqMICwxc86w60rkCrx%2Ft%2BuybC7DniM50SjB37pxevD"}],"group":"cf-nel","max_age":604800}
cf-ray: 843801d63e14bfab-WAW
access-control-allow-headers: *

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 164ms
58ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FCP1DZPL64&gtm=45je4180v9105375649&_p=1704922078402&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1694683211.1704922080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704922079&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&dt=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2047
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cooki...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cook...

0
264 B

246ms
181ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cookiesTest=true&e_ipv6=AQI8uCsV8bp0qQAAAYz1RmN_7fgpfxar7lOCtYSB49e5fldHzTc3ChP0QBJihQzyO-kIVWXo
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 078A14493C4A4ABAB0DD3EDD8935F1B2 Ref B: FRAEDGE1211 Ref C: 2024-01-10T21:28:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOnhr4QwJaQ9In2J6TDA==

Redirect headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B990F6642F1E48709DF0C48D8A2A4FEA Ref B: FRAEDGE1707 Ref C: 2024-01-10T21:28:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1704922079679&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&cookiesTest=true&e_ipv6=AQI8uCsV8bp0qQAAAYz1RmN_7fgpfxar7lOCtYSB49e5fldHzTc3ChP0QBJihQzyO-kIVWXo
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOnhr0kWfS0nsUyR7YnA==

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
254 B 45ms
45ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=89211&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&pv=1704922079680_2gcf3ssh6&bl=en-us&cb=6412124&return=&ht=&d=&dc=&si=1704922079680_2gcf3ssh6&cid=&s=1600x1200&rp=&v=2.5.5.72
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?100
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 168ms
58ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-WG4YYDQ1NH&gtm=45je4180v888757690z8859579073&_p=1704922078402&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1694683211.1704922080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704922079&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&dt=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&en=page_view&_fv=1&_ss=1&up.ClearbitTrafficType=Non-Company&up.ClearbitCompanyName=Non-Company&up.ClearbitCompanyDomain=Non-Company&up.ClearbitIndustry=Non-Company&up.ClearbitHQCountry=Non-Company&up.ClearbitHQState=Non-Company&up.ClearbitHQCity=Non-Company&up.ClearbitEmployeeRange=Non-Company&up.ClearbitEstimatedRevenueRange=Non-Company&tfd=2080
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 223ms
75ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WG4YYDQ1NH&cid=1694683211.1704922080&gtm=45je4180v888757690z8859579073&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 234ms
84ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WG4YYDQ1NH&cid=1694683211.1704922080&gtm=45je4180v888757690z8859579073&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1826712306

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
146 B 80ms
80ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1493140353&t=pageview&_s=1&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&ul=en-us&de=UTF-8&dt=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=1411176980&gjid=1293650307&cid=1694683211.1704922080&tid=UA-261532489-1&_gid=143414273.1704922080&_r=1&gtm=457e4180&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=943000121

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:27:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 73ms
73ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1493140353&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&ul=en-us&de=UTF-8&dt=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Hotjar&ea=detect_user&el=ac2b2b6a&_u=YCDACUABBAAAACAAI~&jid=&gjid=&cid=1694683211.1704922080&tid=UA-261532489-1&_gid=143414273.1704922080&gtm=457e4180&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=1359582149

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 15:52:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20144
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c8eeae3181384b85a58d2e0723a446d9 Show response
app.hubspot.com/conversations-visitor/22265125/threads/utk/ Frame 7003 53 KB
20 KB 263ms
199ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/22265125/threads/utk/c8eeae3181384b85a58d2e0723a446d9?uuid=bbe74e5795304f1a8e6d0d621d6f2c39&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=c8eeae3181384b85a58d2e0723a446d9&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e84303d826aeaf19df684387b7aafffca15ce11a914bb55c13fb08d904850a51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://www.praetorian.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 2568
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 843801d7ab27fc6f-WAW
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.17482/html/index.html&cfRay=843801d7ab27fc6f&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F22265125%2Fthreads%2Futk%2Fc8eeae3181384b85a58d2e0723a446d9%3Fuuid%3Dbbe74e5795304f1a8e6d0d621d6f2c39%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dpraetorian.com%26inApp53%3Dfalse%26messagesUtk%3Dc8eeae3181384b85a58d2e0723a446d9%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252Fblog%252Factive-directory-visualization-for-blue-teams-and-threat-hunters%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fwww.praetorian.com%2F&cfenv=prod&pdt=2024-01-10&csp=ro
content-type: text/html; charset=utf-8
date: Wed, 10 Jan 2024 21:28:00 GMT
etag: W/"42d71e3fc861480ce15360e948ef69a9"
last-modified: Wed, 20 Dec 2023 17:16:05 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=843801d7ab27fc6f&resource=conversations-visitor-ui/static-1.17482/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-amz-cf-id: N0DEHXs8Sn2eUnZgVhzgfT3TGxO-ZeTIyYA8b3iFv1YCZAlqopTNaw==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: nQaexJYQXOeUe4sT1jrbLst5Q2XR68Ui
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 8
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-j6gsk
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.17482/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: 99ddd847-60b9-49e4-bc25-08df9be26892
x-request-id: 99ddd847-60b9-49e4-bc25-08df9be26892

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 204 KB
73 KB 89ms
88ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973478582

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

737b956c0a5553c12bfb3549ec2e767c92ba66eb9ad0ba43f5cb200c1da8ac81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74897
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jan 2024 21:27:59 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 204 KB
73 KB 91ms
91ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973478582&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-261532489-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82862d9308e35c359b9ec6d17752e38d281d22538142dd32b25eecb3926e2c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74882
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jan 2024 21:27:59 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
702 B 127ms
127ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jan 2024 21:27:59 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3C6C50E122764760834A5BB8C2C9B3FA Ref B: FRAEDGE1707 Ref C: 2024-01-10T21:27:59Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.praetorian.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYOnhrxzcQ+qSsYAIEcyg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973478582/ 3 KB
2 KB 264ms
112ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973478582/?random=1704922080132&cv=11&fst=1704922080132&bg=ffffff&guid=ON&async=1&gtm=45be4180v879006520&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&hn=www.googleadservices.com&frm=0&tiba=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&did=dZTNiMT%2CdZTQ1Zm&gdid=dZTNiMT.dZTQ1Zm&auid=563299455.1704922080&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-973478582

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

641706618a9f7d7bf90403730d759d73c10094bab61504d662cba72547d4ce04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.368/ Frame 7003 44 KB
17 KB 115ms
43ms Script
application/javascript 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/c8eeae3181384b85a58d2e0723a446d9?uuid=bbe74e5795304f1a8e6d0d621d6f2c39&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=c8eeae3181384b85a58d2e0723a446d9&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: wWLMJ6qW0lXJfco2m026CzodYMop32jV
via: 1.1 7135e74802b850169bf88eb66663d5a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: WAW51-P3
age: 1302138
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=843801d96d73bf1f-WAW
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Jul 2023 18:31:41 GMT
server: cloudflare
etag: W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hfqZs2JZpM9xGT5CNMI6ec4mZtja%2FFebFkkuX%2BSdJbzEtzNH1Ludgw%2BSprrpa%2BXoKhMDz6ptWhO6vXNL%2FXfDgq3Jj3OPuGNR7TJTUe2PxhdbknngnCZutPiuCDLYE0yUBHJvm70dbln3jkau3ZDFIn%2FmKsQ%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 843801d96d73bf1f-WAW
x-amz-cf-id: Y0cvUE5amjmBTbUGTfb9QX8kddpdJyBx9I9iWxk--V22cFHPQ_npGQ==
expires: Thu, 09 Jan 2025 21:28:00 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/ Frame 7003 19 KB
4 KB 113ms
40ms Stylesheet
text/css 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: 8JK3Qs8SBE2zTXCiSEFRAiP414rxQpaa
via: 1.1 193687a1494164e896692c48d6b989c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: WAW51-P3
age: 574028
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=843801d96b5170b8-WAW
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 02 Nov 2023 14:28:10 GMT
server: cloudflare
etag: W/"686ebda4c47b0bdb5d9460221c8036d1"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7mdbchKA5dJi3IT9zPSOvUHIFp6bDEPPJV4uGGFLnneXI3Z3%2F3ns7cJlZMpYCHP%2FVBZU73woFNutyOkXESdXt86UfTRusrPusvc7gB1aygvV%2BCq7PSrPWv%2B9XvdtRLFykcESrityn68jYqs13KXxu%2FX0Mc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 843801d96b5170b8-WAW
x-amz-cf-id: RgC189SizQaH8kDRUVqIqy5oVjy4ZNwT85luHtn0uSewyBHGwGF6wQ==
expires: Thu, 09 Jan 2025 21:28:00 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.504/ Frame 7003 295 KB
94 KB 120ms
47ms Script
application/javascript 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.504/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b61f5538c3fee3652999b99f2585d0183cc471f66baf66e4ad27a5988b71fd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: pLRM47oWyQvFPXnQqB0Xnrdsef_7CtJj
via: 1.1 e94bd6405e7651c50e73077af1691486.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: TXL50-P4
age: 681730
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=843801d96d71bf1f-WAW
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 05 Dec 2023 22:46:47 GMT
server: cloudflare
etag: W/"a8668c0a3c3eb63a5f8c9c602c061d7c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gt1Am6qPcujEsjmwiOw9meKIw7f2fOWeS9jl9CyKiBwhfGTM9q7m2w2%2FeFP4TAvK6TCXnwIc6h4LDb48s%2BVYKSim%2F5fWX1yaoDKidUMXF7Cos0Vn63sTh8g6bv9B%2B5FFBBJjBv7CbivuX0DLVF%2B39Zymokc%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 843801d96d71bf1f-WAW
x-amz-cf-id: IXZSFuy_YCdXt6Z1QwGVj0sWLT8TBWYqKgY5LJia5AfWg0GWMHnozQ==
expires: Thu, 09 Jan 2025 21:28:00 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/ Frame 7003 643 KB
190 KB 116ms
43ms Script
application/javascript 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe23081bb10b4f88ebb5371f5ddeff574f12fe65f181b261a06fbd0f1f6fec6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: E8dY39a7B9kplJwC1wmTljlvnk_7cexN
via: 1.1 49039a44484a184312d8f608c205b640.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: ZRH55-P1
age: 1829507
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=843801d96d6fbf1f-WAW
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Dec 2023 16:57:14 GMT
server: cloudflare
etag: W/"7d3caf7a6d963525695abb1e99e347e0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsPyjhN3uC4AdeZ0CnGEE%2Bm%2B%2FswHthsjSDmqGH9hLCHPE%2FxFCH8EmjuCjZIzmXH%2Bs2WUfWR0%2B36tXBKidHdKQlGPuBG6zXAH7xhyRAs2eqMx%2Bv%2FHD9AoCRVJOltGDzbWM8hYPH5l0zJRVIcvF%2Ffdk7S%2Fy7w%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 843801d96d6fbf1f-WAW
x-amz-cf-id: nAAk28uHfmo8pXLI56n-RMvbsE1qBbn2x89EC3lRVp96z93y3SpxBQ==
expires: Thu, 09 Jan 2025 21:28:00 GMT

GET
H2 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.17463/ Frame 7003 841 B
1 KB 45ms
45ms Script
application/javascript 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.17463/i18n-data-data-locales-en-us.js

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b750bbe95d0c93af7e1f68971809f76b6ad8da24ede33819de25f73499d22c5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: 2PedFzTpXHkp2bsRaGaTobXs2AtcZbb.
via: 1.1 851e38aedb5b3b86127fd1094bcebf70.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: WAW51-P3
age: 1994347
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
server-timing: cfr;desc=843801dacea5bf1f-WAW
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 18 Dec 2023 18:01:14 GMT
server: cloudflare
etag: W/"7784b0f7a03801645cf88a9f389d710c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UYerjujp0Q8Qyhw47YsrEhBiRhrFBHrmx3sIBrGM9SSw7%2Bez%2Frolr3jg%2BYh%2FicUKzwvATuI6HoOuJaco%2BUqgTwStzbp%2FEM3kEtOskTMTLo4qB29K%2BqrBc%2BcH51PqF7yDENUABPOcwR2xoNsTtWnGkf4W9k%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 843801dacea5bf1f-WAW
x-amz-cf-id: wzUxt4VQQkTzIWLlVf2FKnZlehJDbTAKcXZqZtYFa8uVSDqPU6zPjg==
expires: Thu, 09 Jan 2025 21:28:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973478582/ 42 B
455 B 256ms
103ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973478582/?random=1704922080132&cv=11&fst=1704920400000&bg=ffffff&guid=ON&async=1&gtm=45be4180v879006520&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&frm=0&tiba=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ol33oGiP1WncgVLx0vJbqr7fabGErA&random=1939911031&rmt_tld=0&ipr=y

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:28:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973478582/ 42 B
154 B 83ms
83ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973478582/?random=1704922080132&cv=11&fst=1704920400000&bg=ffffff&guid=ON&async=1&gtm=45be4180v879006520&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&frm=0&tiba=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ol33oGiP1WncgVLx0vJbqr7fabGErA&random=1939911031&rmt_tld=1&ipr=y

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:28:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 rhumb
app.hubspot.com/api/cartographer/v1/ Frame 7003 0
1 KB 166ms
166ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17482

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/c8eeae3181384b85a58d2e0723a446d9?uuid=bbe74e5795304f1a8e6d0d621d6f2c39&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=c8eeae3181384b85a58d2e0723a446d9&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b1077464-0a3c-41d4-8fe4-db35bc14280c
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b1077464-0a3c-41d4-8fe4-db35bc14280c
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a02ZXkxxD7TcVk4vqIId%2FH7%2Fgarr8i73opT5q1Igc56WMuNrbh1i5%2FFrNhnAFXwNs2CIDqUrkWV3O%2BtthvQahk2oKA7q%2Bavbs5Uf1hHip1NoSeTdCKNbeLFHcF6HZ9%2BcfUXGdKPRT7ZKsrGFSg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-bb2t9
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age: 604800
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 843801db4809fc6f-WAW
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Dpl-Correlation-Group-Id, X-HubSpot-Dpl-Parent-Log-Id
timing-allow-origin: *

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 147ms
101ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
x-amz-version-id: lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 11 Dec 2023 12:17:02 GMT
server: cloudflare
via: 1.1 642ac9646ca474c1d78254f0a36a8c5e.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P5
etag: W/"15c02cdee0df6c26ba3d8c62d912c66c"
age: 32306
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 843801dcbefc4480-TXL
x-amz-cf-id: N3bG-8UTL9HW5njvaoLdPzGdZnSIJ7gmNwxm6sSMndYDLy5C1cJQCg==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
649 B 172ms
165ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2818260241&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&t=Active+Directory+Visualization+for+Blue+Teams+and+Threat+Hunters+-&cts=1704922080710&vi=d9691443f48f55c08cc1c9762ed89d61&nc=true&u=185921974.d9691443f48f55c08cc1c9762ed89d61.1704922080708.1704922080708.1704922080708.1&b=185921974.1.1704922080708&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 488c0684-41e7-42d2-92d7-cfacc4f6bb64
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 488c0684-41e7-42d2-92d7-cfacc4f6bb64
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqbN9Z6Yk8Y2gb8lONRB42bf64aEKw72tPTrnZ6YSHyaez23r7TE0sKn5gQ3Tybp%2Fqti%2BdqV0cd7i2OemahKcQWeitS72YjOUb2BP4zz44J5tFVHb1CC8PEJxTj%2BO%2F9qPyb6%2Bd2fxMfMVVD%2B6hCm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-865d96945d-2fsvr
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 843801dc99eafc6f-WAW
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
528 B 173ms
170ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=28d1e135-385b-464f-b9d1-178daef99abe&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2818260241&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&t=Active+Directory+Visualization+for+Blue+Teams+and+Threat+Hunters+-&cts=1704922080711&vi=d9691443f48f55c08cc1c9762ed89d61&nc=true&u=185921974.d9691443f48f55c08cc1c9762ed89d61.1704922080708.1704922080708.1704922080708.1&b=185921974.1.1704922080708&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fb044f7b-fce2-43f1-80ea-c9976e21ce4f
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fb044f7b-fce2-43f1-80ea-c9976e21ce4f
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dAk25MJbWdMWhEOPtdTlbQ84TsChjRiwEud716GxfKRUg8e8lCiFuUEzm%2F%2BlN7XehFd46ALorIihDAs387xIDqEkm3wMtfLvELWdYWI%2FU1rMwVKex7Pa1aLXHQ9uyud3T9l6zuMrF6Cj2e873o2J"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-865d96945d-k44zc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 843801dc99e7fc6f-WAW
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
448 B 170ms
167ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=28d1e135-385b-464f-b9d1-178daef99abe&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2818260241&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&t=Active+Directory+Visualization+for+Blue+Teams+and+Threat+Hunters+-&cts=1704922080713&vi=d9691443f48f55c08cc1c9762ed89d61&nc=true&u=185921974.d9691443f48f55c08cc1c9762ed89d61.1704922080708.1704922080708.1704922080708.1&b=185921974.1.1704922080708&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 89f61f68-58ec-4986-9457-54236cd24476
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 89f61f68-58ec-4986-9457-54236cd24476
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVJZBEM8Jx2hIk2fe6yLFFOfW5caW4E3C8XbF4kXjtF4RDLl5XrhCHOTQsMrjFLRHyDzVoNalgtawjGD%2FWWmycj5XiiogSZNr2GZwSkMn4Io%2FvBEa1nvhZp1iol%2Bof1gqpwrkzrnPPcKVkN9yYPV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-865d96945d-fdp9m
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 843801dc99e8fc6f-WAW
x-robots-tag: none

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
359 B 512ms
512ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: bf6af81014ec38a03240a8b8fddd15bdc95eae62f28962693a5623c96d34650a

Request headers

visited_url: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Referer: https://www.praetorian.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer d2849480311681745459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 10 Jan 2024 21:28:01 GMT
via: 1.1 4066580ab3ec717b57597f204d9bb30e.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: MRS52-P5
x-powered-by: Express
etag: W/"96-7m0XrLt/6Pc0AFgqZEXg3LtsjO8"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 843801e14c625902-TXL
x-amz-cf-id: hjRheB1JGp7BaICJyDaIBu_GGV4Dfe9kF1lgAGWZBh4NeT1orNjotw==
apigw-requestid: RV7LVgoaPHcEMWA=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 619ms
580ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: RV7LPjvfvHcEMEg=
cf-cache-status: DYNAMIC
cf-ray: 843801ddac955902-TXL
date: Wed, 10 Jan 2024 21:28:01 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 4066580ab3ec717b57597f204d9bb30e.cloudfront.net (CloudFront)
x-amz-cf-id: PatY825M3Oee_5JWkXeGYuqC9mfwXm_KFF_1NYE65tk6loGWZ4ZEnA==
x-amz-cf-pop: MRS52-P5
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 a
www.googletagmanager.com/ 0
11 B 80ms
80ms Image
text/html 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=UA-261532489-1&v=3&t=t&pid=1120854409&cv=1&rv=4180&tc=1&es=1&e=gtm.load&eid=26&u=Ag&h=Ag&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 21:28:01 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/ Frame 0
0 275ms
206ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.praetorian.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 843801e4fb330028-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 10 Jan 2024 21:28:02 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 / Show response
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/ 3 KB
2 KB 735ms
699ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

2b302fdf1684c87d3ba44185b186d8a1bd7465c8b2cbc5d6addd7a449b4d55ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
Referer: https://www.praetorian.com/blog/active-directory-visualization-for-blue-teams-and-threat-hunters/
_vtok: MTkzLjMyLjI0OC4yMjY=
_zitok: 78218c25497b04dab2531704922081
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/javascript

Response headers

date: Wed, 10 Jan 2024 21:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.praetorian.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 843801e67b021673-WAW

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 59ms
58ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FCP1DZPL64&gtm=45je4180v9105375649&_p=1704922078402&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1694683211.1704922080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1704922079&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Factive-directory-visualization-for-blue-teams-and-threat-hunters%2F&dt=Active%20Directory%20Visualization%20for%20Blue%20Teams%20and%20Threat%20Hunters%20-&en=detect_user&_ee=1&ep.event_category=Hotjar&ep.event_label=ac2b2b6a&ep.non_interaction=true&_et=2&up.hjuid=ac2b2b6a&tfd=7049
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jan 2024 21:28:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.praetorian.com/	1970-01-20 17:35:23	Name: _hjFirstSeen Value: 1
.praetorian.com/	1970-01-20 17:35:23	Name: _hjIncludedInSessionSample_2851712 Value: 1
.praetorian.com/	1970-01-21 02:20:58	Name: _hjSessionUser_2851712 Value: eyJpZCI6ImFjMmIyYjZhLWFhYWUtNTc1MC1hMWU1LTBkNmQ0ZDc0NThiNiIsImNyZWF0ZWQiOjE3MDQ5MjIwNzk0ODksImV4aXN0aW5nIjp0cnVlfQ==
.praetorian.com/	1970-01-20 17:35:23	Name: _hjAbsoluteSessionInProgress Value: 0
.praetorian.com/	1970-01-20 17:35:23	Name: _hjSession_2851712 Value: eyJpZCI6ImExNmRlZDFlLWY5MzgtNDZhZC05YzkxLWIyZjUzYTg2NDc2OCIsImMiOjE3MDQ5MjIwNzk0ODksInMiOjEsInIiOjEsInNiIjowfQ==
.praetorian.com/	1970-01-20 19:44:58	Name: _gcl_au Value: 1.1.563299455.1704922080
.praetorian.com/	1970-01-21 03:11:22	Name: _ga_FCP1DZPL64 Value: GS1.1.1704922079.1.0.1704922079.0.0.0
.praetorian.com/	1970-01-21 03:11:22	Name: _ga_WG4YYDQ1NH Value: GS1.1.1704922079.1.0.1704922079.60.0.0
.praetorian.com/	1970-01-21 03:11:22	Name: _ga Value: GA1.2.1694683211.1704922080
.praetorian.com/	1970-01-20 17:36:48	Name: _gid Value: GA1.2.143414273.1704922080
.praetorian.com/	1970-01-20 17:35:22	Name: _gat_gtag_UA_261532489_1 Value: 1
.grow.clearbitjs.com/	1969-12-31 23:59:59	Name: _cfuvid Value: lbRG6QQBqqn7JEcpEGXOj.44Dh7bc9fbegGVAs6obIs-1704922079856-0-604800000
.linkedin.com/	1970-01-20 19:44:58	Name: li_sugr Value: 8f73d640-263d-4d41-a92a-2622ced35fcf
.linkedin.com/	1970-01-21 02:20:58	Name: bcookie Value: "v=2&6d3ff806-0070-47b5-8d75-e41e42ba0bf0"
.linkedin.com/	1970-01-20 17:36:48	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3132:u=1:x=1:i=1704922079:t=1705008479:v=2:sig=AQGIvtzUB8I1lNvZrXN2spuEZApp1eWX"
.hubspot.com/	1970-01-20 17:35:23	Name: __cf_bm Value: x6cA2c4FH2XQNFWx7qwEDP_MkL7s4efLX.or4Uwm7ac-1704922080-1-AZDV9gQbJwIFL7PLvTX483Xg4VB3e+kLXXc8C4DiwL+ww1rHPjLfgrLz4cpmPT54ShXjjfQYlF0mMp4P+8K3I70=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: jIlBdJaIBYorGmgr7QD3yDoxQ_lAUJxDSSTj9fjN6y4-1704922080115-0-604800000
.linkedin.com/	1970-01-20 21:54:34	Name: li_gc Value: MTswOzE3MDQ5MjIwODA7MjswMjHRQPzjwnTG5D5/Iwo9B78Q/hxvTzby6HJTepJ6xCMrRA==
.doubleclick.net/	1970-01-20 17:35:22	Name: test_cookie Value: CheckForPermission
.praetorian.com/	1970-01-20 21:54:34	Name: messagesUtk Value: c8eeae3181384b85a58d2e0723a446d9
.praetorian.com/	1970-01-20 21:54:34	Name: __hstc Value: 185921974.d9691443f48f55c08cc1c9762ed89d61.1704922080708.1704922080708.1704922080708.1
.praetorian.com/	1970-01-20 21:54:34	Name: hubspotutk Value: d9691443f48f55c08cc1c9762ed89d61
.praetorian.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.praetorian.com/	1970-01-20 17:35:23	Name: __hssc Value: 185921974.1.1704922080708
.www.praetorian.com/	1970-01-21 02:20:58	Name: _zitok Value: 78218c25497b04dab2531704922081
.zoominfo.com/	1970-01-20 17:35:23	Name: __cf_bm Value: BHwcRocW.o_mIQqU8QBP6ehC1cfonMDxz7V.1UB6H44-1704922082-1-Ack2IC0o7qNJMY2Rw977LwVpl8cs3L3/s8CGU5oT/VoXcYCt2lyFCasGRqq3fxcgOXemPgogVs2hXdJQzjNFt00=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: T4qnwct3zM7uTalN_5GnfM28aKW3Q9pwO9yzmBEbvks-1704922082980-0-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-54H7Q6G Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
api.hubspot.com
app.hubspot.com
content.hotjar.io
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
googleads.g.doubleclick.net
grow.clearbitjs.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.usemessages.com
js.zi-scripts.com
ml314.com
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
tag.clearbitscripts.com
track.hubspot.com
use.typekit.net
ws.zoominfo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.praetorian.com
104.18.37.212
13.107.42.14
13.227.219.120
146.148.61.165
2001:4860:4802:34::36
216.24.57.253
2600:9000:214f:ae00:7:d7d6:3c40:93a1
2606:4700:4400::6812:22e5
2606:4700::6810:50ba
2606:4700::6810:890f
2606:4700::6810:89ce
2606:4700::6810:bb59
2606:4700::6811:5a9a
2606:4700::6811:cbcc
2606:4700::6811:e4a3
2606:4700::6811:f7a8
2606:4700::6812:a07d
2606:4700::6812:b05d
2606:4700::6812:c07d
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:803::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:813::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2002
2a00:1450:400c:c00::9a
2a02:26f0:3500:16::215:1484
2a02:26f0:3500:16::215:1495
2a02:26f0:3500:16::215:149b
34.117.77.79
52.222.139.110
54.72.72.111
002e2233a375926192bdceada5c2ee2deee23ad3b7a8610622807a383fa3a2b9
066e40f11a1ec0ee04513db5baf482b1c35b8b1393bba95f14b131025b728f28
0807b878f24471a2d944a0e72277d54540945bca44fa884aeb8cb70468806430
08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
10ba9e82535f29c46d745f1e68891fede16b6c076376018e163f5df930400d74
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
1b52c6a2e51fe8d9a185649b9b7cffb2c1862ec60cf612070432c1ac4109c06e
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d6e641bcf8ec0bdc6b1498256de99141f97b065f67c6dd94e0fb26766ad53f6
1f23f74bd4bda9fc5092ba34675f43d4acf2e635010a21effeaca79d7ea5d458
1fb7c0840941cfb0c984be505c08b3adcf60131a957cce45f91726017c771fa5
202f0d4e1127ce8b1a3029ac6724c6c081d5b7936b0c81ea3f42862618fc22c6
2b302fdf1684c87d3ba44185b186d8a1bd7465c8b2cbc5d6addd7a449b4d55ba
3207a467556090b6d0107d8a636d62b8b65786050b543a71b11b95c2a46ccc59
36f9201c571c2817e4a09428538778556d10e5757840e87ac3c067577debb02b
405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8
417debb36c2433e8aac621b9b88cef9aee936879ee30051b8724b606bcc84fd9
43e05a615dd4ea775c2fc2f3bbee38dff7de25c1e60f47312aec3ab0b4780086
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5b61f5538c3fee3652999b99f2585d0183cc471f66baf66e4ad27a5988b71fd7
5e0d70fc8d72adca6ac200b5c41dd5c4de7c928eb236734944ab1674aef2b7ce
5fc7c56821ed5ac0a40aecde186c558d6b846831cbd483f434ed862fd1b955c7
641706618a9f7d7bf90403730d759d73c10094bab61504d662cba72547d4ce04
65247baf92ea959e21c30ff8e75b6870ee7e108d2c9a0104bff4ac1a845d3125
69a0d01bc23be63dc8c11d606633052b5c1a444ecb626a9a6b49669d7570ebe7
6a980933b39409d97cd947dd6dc1837de2e49e87c7d9903122adb293cc8404cf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c4bdad53042e2bd6e5a231bfcd66d19dc33f507edc2b847ff3c58aca74ff138
7103b15d265580032b852be67c2de533cf32beb69d66c3ae892563e5600e5be4
71f19df3aba2328790c3e99bc8d953e9c4f6458d5b6912a6331470e9312dbf87
737b956c0a5553c12bfb3549ec2e767c92ba66eb9ad0ba43f5cb200c1da8ac81
762c0ee16bd8eeb11cc293eed5775e14b920698d503c204b1c5597c718575da6
7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d
82862d9308e35c359b9ec6d17752e38d281d22538142dd32b25eecb3926e2c1a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
861cfdd02133f97c4474a3670d80c545076bbf187bab1c3517cd0e25ee200063
878130b86e81304bd9d8afd8a8c5bc6c2d03194a3917e5bab3ddfa9eb3a07cb3
8b851243dfb01d421b9ad1b062622a23f230c32184a70c07b6e75908bf682961
9612e8740a4bc6cc15b7c4ed79ab3085a17461a38b0288bf4d24d5c06126f9ce
97c93526e3f8fe46ecf144bbe83442d7e0d6458021d47039b7db77b32918f530
99ec625496b7f34e052ddcc9d5e3643c5bd183e946b055e850f65a0879a4836f
9a38d85808a7028e13ccacbcc5cc311429aeec1bce3b04f25604be978ce7ffe0
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
a544124f98add2e2d508d975d9f14d21c2721681010ff33006518d8a2a2123c4
a60e4a6f8b89cbd1debcd7f90a0e60099a7caa9490a3c5305b18cb094c53dd4b
a878f7a093e216cded9f69ea22a4d0c6c4bc658248677e04d4fdffef25481c12
abf6687b54ad46ec51bbd18e0b302636bddc16ee354fde012a3e308e45e58e62
adaef5107a926385b86fe49b479ed955d7b8784cc6f2e743ec04d0f4a8355e16
b084305ba75c61a6309a9dec021937b5d7674640f9017527dda68bf72312e882
b2fe03efc1e879c2c5bd27bf86f71ad3790b0d6765498480f4c8071fa7f59051
b475b2648fbcf6b9f1535198a5f52c11dc0bb9ed88bbf93d39eb1be9a391edc4
b6b436d621cc8ac3a8ec70a6df8ec12b136cde45b3abdf08d3ec05c18b8afd50
b750bbe95d0c93af7e1f68971809f76b6ad8da24ede33819de25f73499d22c5d
befb88556f8dc2582961f15d3191eaa748a9a5ec7db1dfcceb878e034f95ffcb
bf6af81014ec38a03240a8b8fddd15bdc95eae62f28962693a5623c96d34650a
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01
c080a43fe491d4727b39b4d2d2d50e34ca3dd432d673791d4b8b5cc0d119dbdf
c7868791cba5daa1f1cf7f5526d861095ebf6ab941c23edbb3908c7b9e648436
ccc6ea525a578a5fe85bfe3ae116c8a08c3520d198f07e025d871fb08eb3bac2
d6775b730ce8dd652dc5dae943de88763d14ea4bc93306b4e6054fe5fd55ac85
d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dff6274416808ec94c08c402c7955032a38fed46cec62ccd1cc6f21cf7fdc0b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4565f88528cba5ba656f0d606a288aa196ec32e5f6124e9c037cf6419ded528
e84303d826aeaf19df684387b7aafffca15ce11a914bb55c13fb08d904850a51
eb017b11346c44f8c491900723c7095f74223487be55b56751064e8cc0034654
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572
f1a0d0694a41fb7dd9990aa51d8980b09d95fa89b0ddd913e30522bc88ccb442
f356132e6b9867717ed63d631f7fd44dbb95abd7f2dcbb9775fb93e69e40550f
f7085b8cb031174e44bfff6d7a12f931bf5948b9cb9d6997814dc7812464fce7
f979d02c178a46672a94b3ef9e22a27c2723c5a8df79080d17a28572ccd95cfe
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
fc7109dd6428c821842660a87bda6494e52c0f4ecad22105a1aed87e440ee0b1
fe23081bb10b4f88ebb5371f5ddeff574f12fe65f181b261a06fbd0f1f6fec6f

www.praetorian.com Open in urlscan Pro 146.148.61.165 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

106 Requests

99 %HTTPS

76 %IPv6

27 Domains

37 Subdomains

33 IPs

6 Countries

1947 kBTransfer

4990 kBSize

27 Cookies

16 Outgoing links

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.praetorian.com Open in urlscan Pro
146.148.61.165 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

99 %
HTTPS

76 %
IPv6

27
Domains

37
Subdomains

33
IPs

6
Countries

1947 kB
Transfer

4990 kB
Size

27
Cookies

106 HTTP transactions
0 data transactions